7445 matches found
CVE-2003-0951
Partition Manager parmgr in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges...
CVE-2003-0951
The CVE-2003-0951 entry concerns HP-UX B.11.23 Partition Manager (parmgr). The root cause is improper validation of certificates provided by the cimserver, enabling attackers to access sensitive data or elevate privileges. Affected component: parmgr within HP-UX; vulnerable aspect is certificate ...
Incorrect Certificate Validation in Java Secure Socket Extension
According to SUN it has been reported that: "the Java Secure Socket Extension JSSE may incorrectly validate the digital certificate of a web site. This may result in untrustworthy web sites being authenticated for SSL transactions. The Java Plug-in and Java Web Start may incorrectly validate the...
UPDATE: Microsoft Security Bulletin MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Certificate Validation Flaw Could Enable Identity Spoofing Q329115 Released: 04 September 2002 Revised: 20 November 2002 version 4.0 Software: Microsoft Windows, Microsoft Office for...
MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (328145)
The remote host contains a version of the CryptoAPI that could allow an attacker to spoof the identity of another user with malformed SSL certificates. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11145; scriptversion"1.49"; scriptcvsdate"Date: 2018/11/15 20:50:29"...
Security Bulletin MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
---------------------------------------------------------------------- Title: Certificate Validation Flaw Could Enable Identity Spoofing Q328145 Date: September 04, 2002 Software: Microsoft Windows, Microsoft Office for Mac, Microsoft Internet Explorer for Mac, or Microsoft Outlook Express for...
Insufficient Verification of Client Certificates in IIS 5.0 pre sp3
---------------------------------------------------------------------------- ------- Sentor Torparfar Advisory 001 Title: Insufficient Verification of Client Certificates in IIS 5.0 pre sp3 Date: August 16, 2002 Author: Johan Persson [email protected]...
Проблема с сертификатами в Internet Explorer (certificates spoofing)
Не проверяется правильность сертификата для элементов ключенных внутрь страницы...
CVE-2001-0338
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List CRL checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."...
Netscape fails to revalidate certificates if a user has previously acknowledged a certificate to be non-matching
Overview A flaw exists in Netscape Navigator that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. This is different from the problem reported in CERT Advisory CA-2000-05, but it has a similar impact. This...
CVE-2001-0338
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List CRL checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."...
Security Bulletin MS01-027
---------------------------------------------------------------------- Title: Flaws in Web Server Certificate Validation Could Enable Spoofing Date: 16 May 2001 Software: Internet Explorer Impact: Spoofing of trusted web site Bulletin: MS01-027 Microsoft encourages customers to review the...
Internet Explorer incorrectly validates certificates when CRL checking is enabled
Overview Microsoft Internet Explorer IE fails to properly validate certificates when CRL checking is enabled. As a result, sensitive information may be exposed. Description Digital certificates are small documents used to authenticate and encrypt information transmitted over the Internet. One ver...
CVE-2000-0519
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities...
CVE-2000-0518
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities...
CVE-2000-0406
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability...
CVE-2000-0518
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities...
Advisory CA-2000-08
CERT Advisory CA-2000-08 Inconsistent Warning Messages in Netscape Navigator Original release date: May 26, 2000 Last Revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running Netscape Navigator, up to and including Navigator 4.73, withou...
new vulnerability in Netscape effectively disables SSL server auth
-----BEGIN PGP SIGNED MESSAGE----- Introduction ============ This vulnerability defeats SSL server authentication in Netscape 4.73 and earlier versions. This is a new vulnerability unrelated to CERT advisory 2000-5. However, it has a similar devastating effect: destroying SSL server authenticatio...
CVE-2000-0406
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability...