CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-1824

Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.5%

CVSS Severity

CVSS v2 Score 5.0

References

http://online.securityfocus.com/archive/1/292842
http://www.iss.net/security_center/static/10180.php
http://www.securityfocus.com/bid/5778
http://online.securityfocus.com/archive/1/292842
http://www.iss.net/security_center/static/10180.php
http://www.securityfocus.com/bid/5778

Products affected by CVE-2002-1824

Microsoft » Ie » Version: 6.0

cpe:2.3:a:microsoft:ie:6.0
Microsoft » Internet Explorer » Version: 6.0

cpe:2.3:a:microsoft:internet_explorer:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-1824

Products

Pricing

Contact Us