CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-0862

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.202

EPSS Ranking 95.2%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2002-0862

Microsoft » Internet Explorer » Version: N/A

cpe:2.3:a:microsoft:internet_explorer:-
Microsoft » Office » Version: N/A

cpe:2.3:a:microsoft:office:-
Microsoft » Outlook Express » Version: N/A

cpe:2.3:a:microsoft:outlook_express:-
Apple » Macos » Version: N/A

cpe:2.3:o:apple:macos:-
Microsoft » Windows 2000 » Version: N/A

cpe:2.3:o:microsoft:windows_2000:-
Microsoft » Windows 98 » Version: N/A

cpe:2.3:o:microsoft:windows_98:-
Microsoft » Windows 98se » Version: N/A

cpe:2.3:o:microsoft:windows_98se:-
Microsoft » Windows Me » Version: N/A

cpe:2.3:o:microsoft:windows_me:-
Microsoft » Windows Nt » Version: 4.0

cpe:2.3:o:microsoft:windows_nt:4.0
Microsoft » Windows Xp » Version: N/A

cpe:2.3:o:microsoft:windows_xp:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-0862

Products

Pricing

Contact Us