{"containers": {"cna": {"providerMetadata": {"dateUpdated": "2017-11-29T18:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none"}]}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-0743", "datePublished": "2013-01-25T18:00:00", "dateRejected": "2013-02-07T10:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2017-11-29T18:57:01", "state": "REJECTED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none"}], "id": "CVE-2013-0743", "lastModified": "2023-11-07T02:13:55.203", "metrics": {}, "published": "2013-01-25T18:55:01.210", "references": [], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Rejected"}

{"affected_release": [{"advisory": "RHSA-2013:0213", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nspr-0:4.9.2-0.el6_3.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-01-31T00:00:00Z"}, {"advisory": "RHSA-2013:0213", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-0:3.13.6-2.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-01-31T00:00:00Z"}, {"advisory": "RHSA-2013:0213", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-util-0:3.13.6-1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-01-31T00:00:00Z"}], "bugzilla": {"description": "nss: Dis-trust TURKTRUST mis-issued *.google.com certificate", "id": "890605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=890605"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["[REJECTED CVE] TURKTRUST, a certificate authority in Mozilla\u2019s root program, had mis-issued two intermediate certificates to customers. One of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. An intermediate certificate that is used for MITM allows the holder of the certificate to decrypt and monitor communication within their network between the user and any website. Additionally, If the private key to one of the mis-issued intermediate certificates was compromised, then an attacker could use it to create SSL certificates containing domain names or IP addresses that the certificate holder does not legitimately own or control. An attacker armed with a fraudulent SSL certificate and an ability to control their victim\u2019s network could impersonate websites in a way that would be undetectable to most users. Such certificates could deceive users into trusting websites appearing to originate from the domain owners, but actually containing malicious content or software."], "name": "CVE-2013-0743", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "nss", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "ca-certificates", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-01-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0743\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0743\nhttp://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-20.html\nhttps://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/"], "threat_severity": "Important"}