exploitDog

CVE-2005-3170

Опубликовано: 06 окт. 2005

Источник: nvd

CVSS3: 5

CVSS2: 5.1

EPSS Низкий

Описание

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.

Ссылки

http://support.microsoft.com/kb/883639
Broken Link
Patch
Vendor Advisory
http://support.microsoft.com/kb/900345
Broken Link
Patch
Vendor Advisory
http://support.microsoft.com/kb/883639
Broken Link
Patch
Vendor Advisory
http://support.microsoft.com/kb/900345
Broken Link
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*

EPSS

Процентиль: 73%

0.00777

Низкий

5 Medium

CVSS3

5.1 Medium

CVSS2

Дефекты

CWE-295

CWE-295

Связанные уязвимости

GHSA-rc36-f2pm-xcjg

CVSS3: 5

github

почти 4 года назад

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.

EPSS

Процентиль: 73%

0.00777

Низкий

5 Medium

CVSS3

5.1 Medium

CVSS2

Дефекты

CWE-295

CWE-295