Title: Microsoft Internet Explorer Server Certificate Validation Vulnerability
Severity: MODERATE
Description:
A digital certificate is a method for users to confirm the authenticity of various web servers, ActiveX controls, macros, etc. For authenticity to be verified, a digital certificate must contain information such as a name, a serial number, the certificate holder's public key and the digital signature of the issuing certificate authority.
A Certificate Revocation List (CRL) is a list of untrustworthy digital certificates. The list contains the serial numbers of certificates that have been revoked, along with an explanation of the revocation. CRLs reside in a directory that applications can consult to inspect the revocation status of certificates before trusting them.
IE can be configured to check the CRL when a web server presents a certificate or when an ActiveX control is downloaded. Certain configurations can create a condition where some checks on certificates are omitted.
If Internet Explorer is configured to check the CRL when a web server presents its certificate, various other checks may not be performed. The omitted checks include ensuring that the expiration date of the certificate is appropriate, that the certificate issuer is trusted and that the name on the certificate matches the name the certificate is registered to.
This vulnerability could enable an attacker's website to simulate a trusted site. A user may view and utilize various features available on the malicious web site assuming that the site they are visiting is legitimate based on the supposed authenticity of the certificate.
Successful exploitation of this vulnerability could assist in further attacks against the user.
It has been reported that this vulnerability may not have been properly fixed or that a later patch has disabled the patch for this vulnerability. Posts to the Bugtraq list suggest that fully patched versions of Internet Explorer 6 are still vulnerable to this issue.
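The check ordering described above, as an added example (not Microsoft's code and not part of the original advisory): a simplified Python model that contrasts logic where enabling the CRL check replaces the other checks with logic where revocation is one more check. The `Cert` fields, function names and sample values are constructed assumptions, and exact host-name comparison stands in for real X.509 name matching.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    """Simplified model of the fields the advisory names (not X.509 parsing)."""
    subject_name: str
    serial: int
    issuer: str
    not_before: datetime
    not_after: datetime

def base_checks(cert, host, trusted_issuers, now):
    """Expiry, issuer trust and name match: the checks reported as omitted."""
    failures = []
    if not (cert.not_before <= now <= cert.not_after):
        failures.append("expired-or-not-yet-valid")
    if cert.issuer not in trusted_issuers:
        failures.append("untrusted-issuer")
    if cert.subject_name.lower() != host.lower():
        failures.append("name-mismatch")
    return failures

def validate_flawed(cert, host, trusted_issuers, crl_serials, now, check_crl):
    """Models the reported behaviour: the CRL lookup replaces the base checks."""
    if check_crl:
        return ["revoked"] if cert.serial in crl_serials else []
    return base_checks(cert, host, trusted_issuers, now)

def validate_strict(cert, host, trusted_issuers, crl_serials, now, check_crl):
    """Revocation is an additional check and never skips the base checks."""
    failures = base_checks(cert, host, trusted_issuers, now)
    if check_crl and cert.serial in crl_serials:
        failures.append("revoked")
    return failures

# Constructed sample data: an expired, wrong-name certificate from an unknown CA.
NOW = datetime(2001, 6, 1, tzinfo=timezone.utc)
TRUSTED = {"Example Root CA"}
CRL = {0x1001}
BAD = Cert("other.example", 0x2002, "Unknown CA",
           datetime(1999, 1, 1, tzinfo=timezone.utc),
           datetime(2000, 1, 1, tzinfo=timezone.utc))

def regression_matrix():
    """Both validators, CRL checking off and on; BAD must fail in every cell."""
    return {(name, crl_on): fn(BAD, "bank.example", TRUSTED, CRL, NOW, crl_on)
            for name, fn in (("flawed", validate_flawed), ("strict", validate_strict))
            for crl_on in (False, True)}
```

An empty list in any cell of `regression_matrix()` means that configuration accepted the bad certificate, which in this model happens only for the flawed validator with CRL checking enabled.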
Affected Products:
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Windows ME
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
References:
- Microsoft: Microsoft Security Bulletin MS01-027