← CVECheck
HomeVulnerabilities

CVE-2002-1407 — HIGH severity vulnerability (TinySSL 1.02 and earlier does not verify the Basic Constrain)

TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

CVE IDCVE-2002-1407
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2003-04-11
Last modified2026-04-16
DescriptionTinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →