Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
MS Windows Fraudulent Digital Certificates Spoofing Vulnerability (2641690)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Microsoft Windows operating system and is prone to spoofing vulnerability. This NVT has been superseded by KB2718704 Which is addressed in NVT gb_unauth_digital_cert_spoofing_vuln.nasl (OID:1.3.6.1.4.1.25623.1.0.802634).
Insight
Insight
The flaw is due to an error when handling the fraudulent digital certificates issued by Entrust and GTE CyberTrust. It is not properly validating its identity.
Affected Software
Affected Software
Windows 7 Service Pack 1 and prior Windows XP Service Pack 3 and prior Windows Vista Service Pack 2 and prior Windows Server 2003 Service Pack 2 and prior Windows Server 2008 Service Pack 2 and prior
Solution
Solution
Apply the Patch from the referenced advisory.