ID CVE-2002-0862
Summary The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
References
Vulnerable Configurations
  • cpe:2.3:a:adam_megacz:tinyssl:1.0.2
    cpe:2.3:a:adam_megacz:tinyssl:1.0.2
  • cpe:2.3:a:kde:konqueror:2.2.2
    cpe:2.3:a:kde:konqueror:2.2.2
  • cpe:2.3:a:kde:konqueror:3.0
    cpe:2.3:a:kde:konqueror:3.0
  • cpe:2.3:a:kde:konqueror:3.0.1
    cpe:2.3:a:kde:konqueror:3.0.1
  • cpe:2.3:a:kde:konqueror:3.0.2
    cpe:2.3:a:kde:konqueror:3.0.2
  • Microsoft Internet Explorer 5.0
    cpe:2.3:a:microsoft:ie:5.0
  • Microsoft Internet Explorer 5.0.1
    cpe:2.3:a:microsoft:ie:5.0.1
  • Microsoft Internet Explorer 5.0.1 SP1
    cpe:2.3:a:microsoft:ie:5.0.1:sp1
  • Microsoft Internet Explorer 5.0.1 SP2
    cpe:2.3:a:microsoft:ie:5.0.1:sp2
  • Microsoft ie 5.5
    cpe:2.3:a:microsoft:ie:5.5
  • Microsoft Internet Explorer 5.5 SP1
    cpe:2.3:a:microsoft:ie:5.5:sp1
  • Microsoft Internet Explorer 5.5 SP2
    cpe:2.3:a:microsoft:ie:5.5:sp2
  • Microsoft Internet Explorer 6.0
    cpe:2.3:a:microsoft:ie:6.0
  • Microsoft Internet Explorer Macintosh 5.0
    cpe:2.3:a:microsoft:ie_for_macintosh:5.0
  • Microsoft Internet Explorer Macintosh 5.1
    cpe:2.3:a:microsoft:ie_for_macintosh:5.1
  • Microsoft Internet Explorer Macintosh 5.1.1
    cpe:2.3:a:microsoft:ie_for_macintosh:5.1.1
  • Microsoft IIS 5.0
    cpe:2.3:a:microsoft:internet_information_services:5.0
  • cpe:2.3:a:microsoft:office:98:-:mac
    cpe:2.3:a:microsoft:office:98:-:mac
  • cpe:2.3:a:microsoft:office:2001:-:macintosh
    cpe:2.3:a:microsoft:office:2001:-:macintosh
  • Microsoft office_macos 2001 sr1
    cpe:2.3:a:microsoft:office:2001:sr1:mac_os
  • cpe:2.3:a:microsoft:office:v.x
    cpe:2.3:a:microsoft:office:v.x
  • cpe:2.3:a:microsoft:outlook_express:4.5:-:macos
    cpe:2.3:a:microsoft:outlook_express:4.5:-:macos
  • Microsoft outlook_express 5.0
    cpe:2.3:a:microsoft:outlook_express:5.0
  • cpe:2.3:a:microsoft:outlook_express:5.0:-:macos
    cpe:2.3:a:microsoft:outlook_express:5.0:-:macos
  • cpe:2.3:a:microsoft:outlook_express:5.0.1:-:macos
    cpe:2.3:a:microsoft:outlook_express:5.0.1:-:macos
  • cpe:2.3:a:microsoft:outlook_express:5.0.2:-:macos
    cpe:2.3:a:microsoft:outlook_express:5.0.2:-:macos
  • cpe:2.3:a:microsoft:outlook_express:5.0.3:-:macos
    cpe:2.3:a:microsoft:outlook_express:5.0.3:-:macos
  • cpe:2.3:o:baltimore_technologies:mailsecure
    cpe:2.3:o:baltimore_technologies:mailsecure
  • cpe:2.3:o:kde:kde:2.2.1
    cpe:2.3:o:kde:kde:2.2.1
  • cpe:2.3:o:kde:kde:2.2.2
    cpe:2.3:o:kde:kde:2.2.2
  • cpe:2.3:o:kde:kde:3.0
    cpe:2.3:o:kde:kde:3.0
  • cpe:2.3:o:kde:kde:3.0.1
    cpe:2.3:o:kde:kde:3.0.1
  • cpe:2.3:o:kde:kde:3.0.2
    cpe:2.3:o:kde:kde:3.0.2
  • cpe:2.3:o:microsoft:windows_2000:-:advanced_server
    cpe:2.3:o:microsoft:windows_2000:-:advanced_server
  • cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
    cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
  • cpe:2.3:o:microsoft:windows_2000:-:professional
    cpe:2.3:o:microsoft:windows_2000:-:professional
  • cpe:2.3:o:microsoft:windows_2000:-:server
    cpe:2.3:o:microsoft:windows_2000:-:server
  • Microsoft Windows 2000 Advanced Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_server
  • Microsoft Windows 2000 Professional SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:professional
  • Microsoft Windows 2000 Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:server
  • Microsoft Windows 2000 Advanced Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_server
  • Microsoft Windows 2000 Professional SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:professional
  • Microsoft Windows 2000 Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:server
  • Microsoft Windows 2000 Advanced Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_server
  • Microsoft Windows 2000 Professional SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:professional
  • Microsoft Windows 2000 Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:server
  • Microsoft Windows 2000 Terminal Services
    cpe:2.3:o:microsoft:windows_2000_terminal_services
  • Microsoft Windows 2000 Terminal Services Service Pack 1
    cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp1
  • Microsoft Windows 2000 Terminal Services Service Pack 2
    cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp2
  • Microsoft Windows 2000 Terminal Services Service Pack 3
    cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp3
  • Microsoft windows 98_gold
    cpe:2.3:o:microsoft:windows_98:-:gold
  • Microsoft windows 98_se
    cpe:2.3:o:microsoft:windows_98se
  • Microsoft Windows ME
    cpe:2.3:o:microsoft:windows_me
  • Microsoft Windows NT 4.0
    cpe:2.3:o:microsoft:windows_nt:4.0
  • cpe:2.3:o:microsoft:windows_nt:4.0:-:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:-:alpha
  • cpe:2.3:o:microsoft:windows_nt:4.0:-:terminal_server
    cpe:2.3:o:microsoft:windows_nt:4.0:-:terminal_server
  • Microsoft Windows 4.0 sp1
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha
  • Microsoft Windows NT Terminal Server 4.0 SP1
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server
  • Microsoft Windows 4.0 sp2
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha
  • Microsoft Windows NT Terminal Server 4.0 SP2
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server
  • Microsoft Windows 4.0 sp3
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha
  • Microsoft Windows NT Terminal Server 4.0 SP3
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server
  • Microsoft Windows 4.0 sp4
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha
  • Microsoft Windows NT Terminal Server 4.0 SP4
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server
  • Microsoft Windows 4.0 sp5
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha
  • Microsoft Windows NT Terminal Server 4.0 SP5
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server
  • Microsoft Windows 4.0 sp6
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha
  • Microsoft Windows NT Terminal Server 4.0 SP6
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server
  • Microsoft Windows 4.0 sp6a
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha
  • Microsoft Windows NT Terminal Server 4.0 SP6a
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server
  • cpe:2.3:o:microsoft:windows_xp:-:64-bit
    cpe:2.3:o:microsoft:windows_xp:-:64-bit
  • cpe:2.3:o:microsoft:windows_xp:-:home
    cpe:2.3:o:microsoft:windows_xp:-:home
  • Microsoft windows xp_gold
    cpe:2.3:o:microsoft:windows_xp:-:gold
  • Microsoft Windows XP Professional Gold
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description MS IE 5/6,Konqueror 2.2.2/3.0,Weblogic Server 5/6/7 Invalid X.509 Certificate Chain. CVE-2002-0828,CVE-2002-0862,CVE-2002-1183. Remote exploit for windows pl...
id EDB-ID:21692
last seen 2016-02-02
modified 2002-08-06
published 2002-08-06
reporter Mike Benham
source https://www.exploit-db.com/download/21692/
title Microsoft Internet Explorer 5/6,Konqueror 2.2.2/3.0,Weblogic Server 5/6/7 Invalid X.509 Certificate Chain
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS02-050.NASL
description The remote host contains a version of the CryptoAPI that could allow an attacker to spoof the identity of another user with malformed SSL certificates.
last seen 2019-02-21
modified 2018-11-15
plugin id 11145
published 2002-10-24
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11145
title MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (328145)
oval via4
  • accepted 2011-05-16T04:00:14.140-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
    family windows
    id oval:org.mitre.oval:def:1056
    status accepted
    submitted 2004-07-12T12:00:00.000-04:00
    title Microsoft Certificate Validation Flaw Identity Spoofing Vulnerability
    version 70
  • accepted 2011-05-16T04:00:52.883-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
    family windows
    id oval:org.mitre.oval:def:1332
    status accepted
    submitted 2004-07-12T12:00:00.000-04:00
    title Windows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 1)
    version 70
  • accepted 2011-05-16T04:02:35.841-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Anna Min
      organization BigFix, Inc
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
    family windows
    id oval:org.mitre.oval:def:2671
    status accepted
    submitted 2004-07-11T12:00:00.000-04:00
    title Windows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 2)
    version 68
refmap via4
bugtraq
  • 20020805 IE SSL Vulnerability
  • 20020812 IE SSL Exploit
  • 20020819 Insufficient Verification of Client Certificates in IIS 5.0 pre sp3
ms MS02-050
xf ssl-ca-certificate-spoofing(9776)
Last major update 17-10-2016 - 22:22
Published 04-10-2002 - 00:00
Last modified 30-10-2018 - 12:25
Back to Top