| Vulnerability Name: | CVE-2001-0338 (CCN-6555) | ||||||||
| Assigned: | 2001-05-16 | ||||||||
| Published: | 2001-05-16 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2001-0338 Source: CCN Type: CIAC Information Bulletin L-087 Microsoft Internet Explorer Flaws in Certificate Validation Source: CIAC Type: UNKNOWN L-087 Source: CCN Type: US-CERT VU#399087 Internet Explorer incorrectly validates certificates when CRL checking is enabled Source: CCN Type: Microsoft Security Bulletin MS01-027 Flaws in Web Server Certificate Validation Could Enable Spoofing Source: CCN Type: OSVDB ID: 1831 Microsoft IE Server Certificate Validation Failure Source: BID Type: UNKNOWN 2735 Source: CCN Type: BID-2735 Microsoft Internet Explorer Server Certificate Validation Vulnerability Source: MS Type: UNKNOWN MS01-027 Source: XF Type: UNKNOWN ie-crl-certificate-spoofing(6555) Source: XF Type: UNKNOWN ie-crl-certificate-spoofing(6555) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||