Lucene search

[email protected]CVE-2001-0338

HistorySep 18, 2001 - 4:00 a.m.

CVE-2001-0338

2001-09-1804:00:00

[email protected]

web.nvd.nist.gov

internet explorer 5.5

digital certificates

certificate revocation list

spoofing

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

JSON

Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the “Server certificate validation vulnerability.”

Affected configurations

NVD

Node

microsoftinternet_explorerRange≤5.5

microsoftinternet_explorerMatch5.01

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorerle5.5
microsoft:internet_explorermicrosoft internet explorereq5.01

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	le	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	5.01

References

www.ciac.org/ciac/bulletins/l-087.shtml

www.securityfocus.com/bid/2735

docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027

exchange.xforce.ibmcloud.com/vulnerabilities/6555

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

JSON

Related for CVE-2001-0338

cert1 cvelist1 nvd1