Vulnerability Note VU#470543
Sun Microsystems Keys exposed and revoked
Sun Microsystems uses a variety of X.509 keys signed by VeriSign to securevarious web sites. Among these certificates are two that were revoked on October 19, 2000. The certificate IDs for these revoked certificates are
3181 B12D C422 5DAC A340 CF86 2710 ABE6
1705 FB13 A22F 9AF3 C130 F562 6E12 504C
Users who accept these certificates into their browser may inadvertently run malicious code signed by the compromised certificates. Any such code would appear to be from Sun Microsystems, thus creating a misleading sense of trust.
Systems Affected (Learn More)
No information available. If you are a vendor and your product is affected, let us know.
CVSS Metrics (Learn More)
This document was written by Shawn Hernan.
- CVE IDs: CAN-2000-0889
- CERT Advisory: CA-2000-19
- Date Public: 24 Oct 2000
- Date First Published: 12 Dec 2000
- Date Last Updated: 18 Jan 2001
- Severity Metric: 0.16
- Document Revision: 8
If you have feedback, comments, or additional information about this vulnerability, please send us email.