Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:470543
HistoryDec 12, 2000 - 12:00 a.m.

Sun Microsystems Keys exposed and revoked

2000-12-1200:00:00
www.kb.cert.org
16

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

Overview

Sun Microsystems uses a variety of X.509 keys signed by VeriSign to securevarious web sites. Among these certificates are two that were revoked on October 19, 2000. The certificate IDs for these revoked certificates are

3181 B12D C422 5DAC A340 CF86 2710 ABE6

and

1705 FB13 A22F 9AF3 C130 F562 6E12 504C

Description

The description below is an excerpt from Sun Security Bulletin 198.

Sun Microsystems, Inc. Security Bulletin
Bulletin Number: #00198
Date: October 24, 2000
Cross-Ref:
Title: Browser Certificates

1.Bulletin Topics

Sun advises of a potential compromise of 2 specific security certificates which had limited distribution.

Sun recommends that you follow the directions found at <http://sunsolve5.sun.com/secbull/certificate_howto.html&gt; to determine if
your web browser has accepted any of the potentially compromised certificates.

2.Who is Affected

A web browser that has accepted a Sun certificate with one the following serial numbers:
3181 B12D C422 5DAC A340 CF86 2710 ABE6 (Internet Explorer)
17:05:FB:13:A2:2F:9A:F3:C1:30:F5:62:6E:12:50:4C (Netscape)

3.Understanding the Vulnerability

Web browsers accept security certificates from trusted sources. A specific certificate from Sun may have received outside
exposure.

Systems that encounter this certificate are potentially vulnerable to attack from malicious applets, applications or components.

4.Corrective Action

Follow the instructions at <http://sunsolve5.sun.com/secbull/certificate_howto.html&gt; to determine if your browser has accepted one
of the potentially compromised certificates. If your browser contains this particular certificate, follow the instructions to remove it.

Impact

Users who accept these certificates into their browser may inadvertently run malicious code signed by the compromised certificates. Any such code would appear to be from Sun Microsystems, thus creating a misleading sense of trust.

Solution

Vendor Information

Javascript is disabled. Click here to view vendors.

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://www.securityfocus.com/bid/1851&gt;

Acknowledgements

This document was written by Shawn Hernan.

Other Information

CVE IDs: CVE-2000-0889
CERT Advisory: CA-2000-19 Severity Metric:

Related

cve 1
cvelist 1
nvd 1
cve
cve
CVE-2000-0889
2001-02-12 05:00:00
cvelist
cvelist
CVE-2000-0889
2001-02-02 05:00:00
nvd
nvd
CVE-2000-0889
2001-02-12 05:00:00

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON
Related for VU:470543
cve1cvelist1nvd1