Lucene search
Copyright (C) 2009 Greenbone AGOPENVAS:1361412562310801109HistoryOct 06, 2009 - 12:00 a.m.
Microsoft IE CA SSL Certificate Security Bypass Vulnerability (Oct 2009)
2009-10-0600:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
15
6.4 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.951 High
EPSS
Percentile
99.3%
Internet Explorer is prone to a security bypass vulnerability.
This VT has been replaced by VT
# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.801109");
script_version("2023-06-27T05:05:30+0000");
script_tag(name:"last_modification", value:"2023-06-27 05:05:30 +0000 (Tue, 27 Jun 2023)");
script_tag(name:"creation_date", value:"2009-10-06 07:21:15 +0200 (Tue, 06 Oct 2009)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2009-2510");
script_name("Microsoft IE CA SSL Certificate Security Bypass Vulnerability (Oct 2009)");
script_xref(name:"URL", value:"http://www.wired.com/threatlevel/2009/07/kaminsky/");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/36475");
script_xref(name:"URL", value:"http://www.networkworld.com/news/2009/073009-more-holes-found-in-webs.html");
script_xref(name:"URL", value:"http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html");
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"registry");
script_copyright("Copyright (C) 2009 Greenbone AG");
script_family("Windows");
script_tag(name:"impact", value:"Successful exploitation will allow attackers to perform man-in-the-middle
attacks or impersonate trusted servers, which will aid in further attack.");
script_tag(name:"affected", value:"Microsoft IE version 6.x/7.x/8.x.");
script_tag(name:"insight", value:"Microsoft Internet Explorer fails to properly validate '\0' character in the
domain name in a signed CA certificate, allowing attackers to substitute
malicious SSL certificates for trusted ones.");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");
script_tag(name:"summary", value:"Internet Explorer is prone to a security bypass vulnerability.
This VT has been replaced by VT 'Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)' (OID: 1.3.6.1.4.1.25623.1.0.900876).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"deprecated", value:TRUE);
exit(0);
}
exit(66); # This plugin is invalidated by secpod_ms09-056.nasl
Related
checkpoint_advisories
checkpoint_advisories
openvas
openvas
Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
2009-10-06 00:00:00
Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
2009-10-14 00:00:00
Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
2009-10-14 00:00:00
seebug
seebug
Microsoft Windows CryptoAPI็ปไปถCA SSL่ฏไนฆ้ช่ฏๆผๆด๏ผMS09-056๏ผ
2009-10-19 00:00:00
nessus
nessus
MS09-056: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
2009-10-13 00:00:00
cve
cve
CVE-2009-3454
2009-09-29 18:00:00
CVE-2009-2510
2009-10-14 10:30:00
securityvulns
securityvulns
prion
prion
Sql injection
2009-10-14 10:30:00
6.4 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.951 High
EPSS
Percentile
99.3%
Related for OPENVAS:1361412562310801109