Lucene search
K

3 matches found

seebug.org
seebug.org
added 2012/09/20 12:0 a.m.32 views

Microsoft Windows Phone 7 SSL证书'Common Name'验证安全限制绕过漏洞

BUGTRAQ ID: 55569 CVE ID: CVE-2012-2993 Windows Phone 7是微软公司发布的一款手机操作系统,于2010年10月11日发布,它将微软旗下产品整合至手机中,并使用Metro作为设计语言。 Microsoft Windows Phone 7没有正确验证服务器的SSL证书,可允许攻击者执行中间人攻击或模拟受信任服务器。 0 Microsoft Windows Phone 7 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

2.6CVSS6.4AI score0.03595EPSS
Exploits1
CVE
CVE
added 2012/09/18 1:0 a.m.69 views

CVE-2012-2993

Microsoft Windows Phone 7 is affected: it does not verify the domain name in the server certificate’s Common Name, enabling MITM spoofing for SSL connections over POP3/IMAP/SMTP with arbitrary valid certificates. Affected software is Windows Phone 7; vulnerable component is certificate CN verific...

5.9CVSS5.6AI score0.03595EPSS
Exploits1References5Affected Software1
CERT
CERT
added 2012/09/17 12:0 a.m.24 views

Windows Phone 7 does not check certificate Common Names when sending or receiving emails over SSL.

Overview Windows Phone 7 does not check CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL. Description Windows Phone 7 fails to check the CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP serve...

5.9CVSS5.5AI score0.03595EPSS
Exploits1References1
Rows per page
Query Builder