CVE-2002-2125Microsoft Internet Explorer vulnerability

3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
2.2%
top 15.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 31
Latest updateApr 30

Description

Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer6.0.2600, 6.0.2800.1106+1
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-p57w-8x45-95g7: Internet Explorer 62022-04-30
CVEList
CVE-2002-2125: Internet Explorer 62005-11-16
CVE-2002-2125 — Microsoft vulnerability | cvebase