CVE-2002-2414 - Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-

CVE-2002-2414

Summary

Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).

References

http://marc.info/?l=full-disclosure&m=103783186608438&w=2
http://www.iss.net/security_center/static/10673.php
http://www.securityfocus.com/bid/6218

Vulnerable Configurations

cpe:2.3:a:opera_software:opera:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*
cpe:2.3:a:squid:squid:2.4:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2016 - 02:28)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	6218
fulldisc	20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site
xf	opera-squid-https-dos(10673)

Last major update

18-10-2016 - 02:28

Published

31-12-2002 - 05:00

Last modified

18-10-2016 - 02:28