Vulnerabilities > CVE-2002-1407 - Unspecified vulnerability in Adam Megacz Tinyssl

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
adam-megacz

Summary

TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Vulnerable Configurations

Part Description Count
Application
Adam_Megacz
1