Description
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
Remediation
References
Related Vulnerabilities
Oracle Database Server Other Vulnerability (CVE-2006-0552)
Oracle Database Server CVE-2015-0468 Vulnerability (CVE-2015-0468)
MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-42040)
WordPress Plugin WooCommerce Conversion Tracking Cross-Site Request Forgery (2.0.4)