CVE-2000-0519

Description

Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

Affected products

• Microsoft / ie4.0 – 4.0
• Microsoft / ie4.0 – 4.0
• Microsoft / ie4.0.1 – 4.0.1
• Microsoft / ie4.0.1 – 4.0.1
• Microsoft / ie4.0.1 – 4.0.1
• Microsoft / ie5.0 – 5.0
• Microsoft / ie5.0 – 5.0
• Microsoft / ie5.0 – 5.0
• Microsoft / ie5.0 – 5.0
• Microsoft / ie5.0.1 – 5.0.1
• Microsoft / ie5.0.1 – 5.0.1
• Microsoft / ie5.0.1 – 5.0.1
• Microsoft / ie5.0.1 – 5.0.1
• Microsoft / internet_explorer4.0 – 4.0

References

• MISChttp://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt
• VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2000-10.html
• MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039
• MISChttp://www.securityfocus.com/bid/1309
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/4627