CWE-296 17 個 CVE MITRE 定義 ↗

CWE-296:Improper Following of a Certificate's Chain of Trust

概覽

CWE-296(Improper Following of a Certificate's Chain of Trust)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate.

背景詳情

來自 CWE 目錄的擴展上下文(由 MITRE XHTML 渲染)。

The trust gained from a certificate is derived from a chain of trust -- with a reputable trusted entity at the end of that list. The end user must trust that reputable source, and this reputable source must vouch for the resource in question through the medium of the certificate. In some cases, this trust traverses several entities who vouch for one another. The entity trusted by the end user is at one end of this trust chain, while the certificate-wielding resource is at the other end of the chain. If the product receives a certificate at the end of one of these trust chains and then proceeds to check only the first link in the chain, no real trust has been derived, since the entire chain must be traversed back to a trusted source to verify the certificate.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined
technology Web Based Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-24066 2026-06-10 Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool…
CVE-2026-42789 2026-05-27 Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certific…
CVE-2026-44852 2026-05-12 An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticat…
CVE-2025-10539 2026-04-28 Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime updat…
CVE-2026-33779 2026-04-09 An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to c…
CVE-2026-27134 2026-02-20 Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA wit…
CVE-2026-27133 2026-02-20 Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate…
CVE-2025-48057 2025-05-27 Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.1…
CVE-2025-22459 2025-04-08 Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and …
CVE-2024-43196 2025-02-19 IBM OpenPages with Watson 8.3 and 9.0  application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.
CVE-2025-1146 2025-02-12 CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the F…
CVE-2021-44532 2022-02-24 Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating con…
CVE-2021-23162 2021-11-18 Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre M…
CVE-2021-23155 2021-11-18 Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mo…
CVE-2021-1566 2021-06-16 A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an…
CVE-2019-3762 2020-03-18 Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulner…
CVE-2019-3890 2019-08-01 It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to…

曾用名

  • Failure to Follow Chain of Trust in Certificate Validation (2009-03-10)
  • Improper Following of Chain of Trust for Certificate Validation (2013-02-21)

內容提交

名稱
CLASP
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Description, Name, Relationships
2009-05-27 CWE Content Team 1.4 updated Demonstrative_Examples
2009-07-27 CWE Content Team 1.5 updated Demonstrative_Examples
2010-12-13 CWE Content Team 1.11 updated Other_Notes
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated References, Relationships
2013-02-21 CWE Content Team 2.4 updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, References, Relationships
2013-07-17 CWE Content Team 2.5 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Demonstrative_Examples, Relationships
2017-11-08 CWE Content Team 3.0 updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships
2018-03-27 CWE Content Team 3.1 updated Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction
2019-09-19 CWE Content Team 3.4 updated Demonstrative_Examples
2020-02-24 CWE Content Team 4.0 updated Demonstrative_Examples, References, Relationships
2021-07-20 CWE Content Team 4.5 updated Demonstrative_Examples
2021-10-28 CWE Content Team 4.6 updated Relationships
2022-04-28 CWE Content Team 4.7 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description, Modes_of_Introduction
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated References
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities
2026-04-30 CWE Content Team 4.20 updated Background_Details, Description, Diagram
cvelogic Threat Intelligence