CVE-2001-0338

medium

Description

Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6555

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027

http://www.securityfocus.com/bid/2735

http://www.ciac.org/ciac/bulletins/l-087.shtml

Details

Source: Mitre, NVD

Published: 2001-06-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.01673