ID CVE-2014-6687 Type cve Reporter NVD Modified 2014-10-04T19:46:14
Description
The wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{"reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "dependencies": {"references": [], "modified": "2016-09-03T21:08:04"}, "vulnersScore": 5.0}, "published": "2014-09-23T06:55:08", "cvelist": ["CVE-2014-6687"], "title": "CVE-2014-6687", "objectVersion": "1.2", "type": "cve", "hash": "54f5830a7eb51ae419048199a4d6143a4ee3488f439fc1d37006c7e235255ac2", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6687", "bulletinFamily": "NVD", "id": "CVE-2014-6687", "history": [], "scanner": [], "cvss": {"score": 5.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "modified": "2014-10-04T19:46:14", "viewCount": 0, "cpe": ["cpe:/a:wsaudichannelalnas_project:wsaudichannelalnas:0.1::~~~android~~"], "edition": 1, "description": "The wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.", "references": ["https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "http://www.kb.cert.org/vuls/id/582497"], "lastseen": "2016-09-03T21:08:04", "assessment": {"system": "", "name": "", "href": ""}}
