CVE-2002-2125

Description

Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.

References

http://www.securityfocus.com/archive/1/292842

http://www.iss.net/security_center/static/10180.php

http://www.securityfocus.com/bid/5778

Details

Source: MITRE

Published: 2002-12-31

Updated: 2021-07-23

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM