Описание
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
Ссылки
- Broken Link
- Third Party AdvisoryUS Government Resource
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken Link
- Third Party AdvisoryUS Government Resource
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:microsoft:windows_phone_7_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:microsoft:windows_phone_7:-:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.1469
Средний
5.9 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-295
CWE-295
Связанные уязвимости
CVSS3: 5.9
github
больше 3 лет назад
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
EPSS
Процентиль: 94%
0.1469
Средний
5.9 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-295
CWE-295