Scope | Impact | Likelihood |
---|---|---|
Access Control | Gain Privileges or Assume Identity. Note: Trust may be assigned to an entity who is not who it claims to be. | |
Integrity, Other | Other. Note: Data from an untrusted (and possibly malicious) source may be integrated. | |
Confidentiality | Read Application Data. Note: Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure. | |

Reference | Description |
---|---|
CVE-2011-2014 | LDAP-over-SSL implementation does not check Certificate Revocation List (CRL), allowing spoofing using a revoked certificate. |
CVE-2011-0199 | Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate. |
CVE-2010-5185 | Antivirus product does not check whether certificates from signed executables have been revoked. |
CVE-2009-3046 | Web browser does not check if any intermediate certificates are revoked. |
CVE-2009-0161 | chain: Ruby module for OCSP misinterprets a response, preventing detection of a revoked certificate. |
CVE-2011-2701 | chain: incorrect parsing of replies from OCSP responders allows bypass using a revoked certificate. |
CVE-2011-0935 | Router can permanently cache certain public keys, which would allow bypass if the certificate is later revoked. |
CVE-2009-1358 | chain: OS package manager does not properly check the return value, allowing bypass using a revoked certificate. |
CVE-2009-0642 | chain: language interpreter does not properly check the return value from an OCSP function, allowing bypass using a revoked certificate. |
CVE-2008-4679 | chain: web service component does not call the expected method, which prevents a check for revoked certificates. |
CVE-2006-4410 | Certificate revocation list not searched for certain certificates. |
CVE-2006-4409 | Product cannot access certificate revocation list when an HTTP proxy is being used. |

Name | Organization | Date | Release Date | Version |
---|---|---|---|---|
CLASP | | | | Draft 3 |

Name | Organization | Date | Comment |
---|---|---|---|
Eric Dalci | Cigital | | updated Time_of_Introduction |
CWE Content Team | MITRE | | updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings |
CWE Content Team | MITRE | | updated Description, Name, Relationships |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Other_Notes |
CWE Content Team | MITRE | | updated Common_Consequences |
CWE Content Team | MITRE | | updated References, Relationships |
CWE Content Team | MITRE | | updated Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Relationships, Type |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Type |
CWE Content Team | MITRE | | updated Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction |
CWE Content Team | MITRE | | updated Demonstrative_Examples |
CWE Content Team | MITRE | | updated References, Relationships |
CWE Content Team | MITRE | | updated Demonstrative_Examples, Description, Modes_of_Introduction |
CWE Content Team | MITRE | | updated Detection_Factors, Relationships, Time_of_Introduction |
CWE Content Team | MITRE | | updated Mapping_Notes |