Microsoft Internet Explorer服务器证书验证漏洞

漏洞信息详情

Microsoft Internet Explorer服务器证书验证漏洞

• CNNVD编号：CNNVD-200106-161
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2001-0338
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-06-27
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Posted in a Micros…

Internet Explorer 5.5及其早期版本在证书撤销列表（CRL）检查启用时不能正确验证数字证书。远程攻击者哄骗受信任的网站，也称为“服务器证书验证漏洞”。

Microsoft has released a patch which addresses this issue:
http://www.microsoft.com/windows/ie/download/critical/q295106/default.asp
Service Pack 2 for Internet Explorer 5.5 fixes this vulnerability:
http://download.microsoft.com/download/ie55sp2/install/5.5_sp2/win98me/en-us/ie5setup.exe
Reports indicate that a later patch may have negated the effects of this patch or that the patch never properly solved this issue.

来源: MS
名称: MS01-027
链接:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

来源: XF
名称: ie-crl-certificate-spoofing(6555)
链接:http://xforce.iss.net/static/6555.php

来源: BID
名称: 2735
链接:http://www.securityfocus.com/bid/2735

来源: CIAC
名称: L-087
链接:http://www.ciac.org/ciac/bulletins/l-087.shtml