{"vuid":"VU#470543","idnumber":"470543","name":"Sun Microsystems Keys exposed and revoked","keywords":["Sun","X.509","certificate","revoke","revocation"],"overview":"Sun Microsystems uses a variety of X.509 keys signed by VeriSign to secure various web sites. Among these certificates are two that were revoked on October 19, 2000. The certificate IDs for these revoked certificates are 3181 B12D C422 5DAC A340 CF86 2710 ABE6 and 1705 FB13 A22F 9AF3 C130 F562 6E12 504C.","clean_desc":"The description below is an excerpt from Sun Security Bulletin 198.\n\nSun Microsystems, Inc. Security Bulletin\nBulletin Number: #00198\nDate: October 24, 2000\nCross-Ref: Title: Browser Certificates\n\n1. Bulletin Topics\nSun advises of a potential compromise of 2 specific security certificates which had limited distribution. Sun recommends that you follow the directions found at http://sunsolve5.sun.com/secbull/certificate_howto.html to determine if your web browser has accepted any of the potentially compromised certificates.\n\n2. Who is Affected\nA web browser that has accepted a Sun certificate with one of the following serial numbers:\n3181 B12D C422 5DAC A340 CF86 2710 ABE6 (Internet Explorer)\n17:05:FB:13:A2:2F:9A:F3:C1:30:F5:62:6E:12:50:4C (Netscape)\n\n3. Understanding the Vulnerability\nWeb browsers accept security certificates from trusted sources. A specific certificate from Sun may have received outside exposure. Systems that encounter this certificate are potentially vulnerable to attack from malicious applets, applications or components.\n\n4. Corrective Action\nFollow the instructions at http://sunsolve5.sun.com/secbull/certificate_howto.html to determine if your browser has accepted one of the potentially compromised certificates. If your browser contains this particular certificate, follow the instructions to remove it.","impact":"Users who accept these certificates into their browser may inadvertently run malicious code signed by the compromised certificates. Any such code would appear to be from Sun Microsystems, thus creating a misleading sense of trust.","resolution":"","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Shawn Hernan.","public":["http://www.securityfocus.com/bid/1851"],"cveids":["CVE-2000-0889"],"certadvisory":"CA-2000-19","uscerttechnicalalert":null,"datecreated":"2000-10-23T17:27:34Z","publicdate":"2000-10-24T00:00:00Z","datefirstpublished":"2000-12-12T23:37:29Z","dateupdated":"2001-01-18T19:28:42Z","revision":8,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"1","cam_population":"2","cam_impact":"15","cam_easeofexploitation":"2","cam_attackeraccessrequired":"9","cam_scorecurrent":"0.162","cam_scorecurrentwidelyknown":"0.212625","cam_scorecurrentwidelyknownexploited":"0.415125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.162,"vulnote":null}