Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09 Network Vulnerability

Summary

This host is installed with Internet Explorer and is prone to Security Bypass vulnerability.

Impact

Successful exploitation will allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attack. Impact Level: Application

Solution

This NVT is invalidated by secpod_ms09-056.nasl. Refer secpod_ms09-056.nasl for more details

Insight

Microsoft Internet Explorer fails to properly validate '\0' character in the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones.

Affected

Microsoft IE version 6.x/7.x/8.x

References

http://www.wired.com/threatlevel/2009/07/kaminsky/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2510

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)
Apache /server-info accessible
Apache Tomcat Multiple Vulnerabilities - 02 Mar14
Adobe Reader Multiple Vulnerabilities - Aug07 (Linux)

Take action and discover your vulnerabilities