CVE-2012-2993 in Windows Phoneinfo

Zusammenfassung (Englisch)

Microsoft Windows Phone 7 does not verify the domain name in the subject s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.

Be aware that VulDB is the high quality source for vulnerability data.

Reservieren

30.05.2012

Veröffentlichung

17.09.2012

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
6525	Microsoft Windows Phone Certificate Subject Common Name schwache Verschlüsselung	310	Proof-of-Concept	Unavailable	CVE-2012-2993
4484	Microsoft Windows Phone SMS Service schwache Verschlüsselung	310	Proof-of-Concept	Unavailable	CVE-2012-2993

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

MITRE
NVD
CVE Details

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!