← CVECheck
HomeVulnerabilities

CVE-2002-2125 — MEDIUM severity vulnerability (Internet Explorer 6.0 does not warn users when an expired ce)

Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.

CVE IDCVE-2002-2125
SeverityMEDIUM
CVSS score6.4
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:N
CWENVD-CWE-Other
StatusModified
Published2002-12-31
Last modified2026-04-16
DescriptionInternet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →