TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2002-08/0096.html | Exploit Patch Vendor Advisory |
http://marc.info/?l=bugtraq&m=102866120821995&w=2 | |
http://www.securityfocus.com/bid/5410 | Exploit Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/9776 | |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2004-09-01T04:00:00
Updated: 2004-08-10T00:00:00
Reserved: 2003-02-05T00:00:00
Link: CVE-2002-1407
NVD Information
Status: Modified
Published: 2003-04-11T04:00:00.000
Modified: 2017-10-10T01:30:12.627
Link: CVE-2002-1407
Redhat Information
No data.
CWE