Summary
This host is installed with Internet Explorer and is prone to Security Bypass vulnerability.
Impact
Successful exploitation will allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attack.
Impact Level: Application
Solution
This NVT is invalidated by secpod_ms09-056.nasl. Refer secpod_ms09-056.nasl for more details
Insight
Microsoft Internet Explorer fails to properly validate '\0' character in the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.
Affected
Microsoft IE version 6.x/7.x/8.x
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-2510 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Linux)
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Apple Safari WebKit Information Disclosure Vulnerability (Windows)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Mac OS X)
- Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)