VAR-201410-0285
Vulnerability from variot - Updated: 2024-05-17 20:09The My nTelos (aka com.telespree.ntelospostpay) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: nTelos Wireless has indicated that this vulnerability report is incorrect. ** Unsettled ** This case has not been confirmed as a vulnerability. AppsGeyser Online Android A tool for creating applications. On the developer site, 2014 Year 12 Moon 22 As of the day 130 Over 10,000 Android Application AppsGeyser It is stated that it was created by. AppsGeyser Created with Android The application includes HTTPS In communication SSL Contains code to disable server certificate validation.AppsGeyser If you use an application created in Android A third party on the same network as the device may view or alter the communication content of the product. plural Android The app includes SSL A vulnerability exists that does not properly validate certificates. CERT/CC Then CERT Tapioca Was used to investigate this vulnerability. For details of the survey method, CERT/CC blog Please confirm. In addition, regarding this vulnerability, CERT Oracle Secure Coding Standard for Java of DRD19-J. Properly verify server certificate on SSL/TLS See also CERT Tapioca https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm CERT/CC blog https://www.cert.org/blogs/certcc/post.cfm?EntryID=204 DRD19-J. Properly verify server certificate on SSL/TLS https://www.securecoding.cert.org/confluence/x/CQAJCMan-in-the-middle attacks, although the impact depends on the behavior of the app (man-in-the-middle attack) By HTTPS Network traffic that should be protected by may be viewed or tampered with. As a result, authentication information may be obtained or arbitrary code may be executed. An attacker could use this vulnerability to perform a man-in-the-middle attack and impersonate a trusted server. There is a security vulnerability in version 1.1.2 of the Android My nTelos application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0285",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "my ntelos",
"scope": "eq",
"trust": 1.6,
"vendor": "nteloswireless",
"version": "1.1.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appsgeyser",
"version": null
},
{
"model": "my ntelos",
"scope": "eq",
"trust": 0.8,
"vendor": "ntelos",
"version": "1.1.2"
},
{
"model": "appsgeyser",
"scope": "eq",
"trust": 0.8,
"vendor": "besttoolbars",
"version": "created with android application"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "appsgeyser",
"scope": "eq",
"trust": 0.3,
"vendor": "appsgeyser",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008671"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-560"
},
{
"db": "NVD",
"id": "CVE-2014-7042"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nteloswireless:my_ntelos:1.1.2:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7042"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Will Dormann of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "71760"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.9
},
"cve": "CVE-2014-7042",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-7042",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-004043",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-74986",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-7042",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-004043",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-560",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-74986",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74986"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008671"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-560"
},
{
"db": "NVD",
"id": "CVE-2014-7042"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The My nTelos (aka com.telespree.ntelospostpay) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: nTelos Wireless has indicated that this vulnerability report is incorrect. ** Unsettled ** This case has not been confirmed as a vulnerability. AppsGeyser Online Android A tool for creating applications. On the developer site, 2014 Year 12 Moon 22 As of the day 130 Over 10,000 Android Application AppsGeyser It is stated that it was created by. AppsGeyser Created with Android The application includes HTTPS In communication SSL Contains code to disable server certificate validation.AppsGeyser If you use an application created in Android A third party on the same network as the device may view or alter the communication content of the product. plural Android The app includes SSL A vulnerability exists that does not properly validate certificates. CERT/CC Then CERT Tapioca Was used to investigate this vulnerability. For details of the survey method, CERT/CC blog Please confirm. In addition, regarding this vulnerability, CERT Oracle Secure Coding Standard for Java of DRD19-J. Properly verify server certificate on SSL/TLS See also CERT Tapioca https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm CERT/CC blog https://www.cert.org/blogs/certcc/post.cfm?EntryID=204 DRD19-J. Properly verify server certificate on SSL/TLS https://www.securecoding.cert.org/confluence/x/CQAJCMan-in-the-middle attacks, although the impact depends on the behavior of the app (man-in-the-middle attack) By HTTPS Network traffic that should be protected by may be viewed or tampered with. As a result, authentication information may be obtained or arbitrary code may be executed. An attacker could use this vulnerability to perform a man-in-the-middle attack and impersonate a trusted server. There is a security vulnerability in version 1.1.2 of the Android My nTelos application",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7042"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008671"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "VULHUB",
"id": "VHN-74986"
}
],
"trust": 5.4
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#582497",
"trust": 4.4
},
{
"db": "NVD",
"id": "CVE-2014-7042",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#1680209",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#898593",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU90369988",
"trust": 1.6
},
{
"db": "BID",
"id": "71760",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008671",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95399358",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-560",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-74986",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "VULHUB",
"id": "VHN-74986"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008671"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-560"
},
{
"db": "NVD",
"id": "CVE-2014-7042"
}
]
},
"id": "VAR-201410-0285",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-74986"
}
],
"trust": 0.01
},
"last_update_date": "2024-05-17T20:09:30.539000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security with HTTPS and SSL",
"trust": 0.8,
"url": "http://developer.android.com/training/articles/security-ssl.html"
},
{
"title": "AppsGeyser",
"trust": 0.8,
"url": "http://www.appsgeyser.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74986"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008671"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "NVD",
"id": "CVE-2014-7042"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://docs.google.com/spreadsheets/d/1t5gxwjw82syunalvjb2w0zi3folrikfgpc7amjrf0r4/edit?usp=sharing"
},
{
"trust": 3.6,
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/898593"
},
{
"trust": 1.6,
"url": "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html"
},
{
"trust": 1.6,
"url": "http://developer.android.com/training/articles/security-ssl.html"
},
{
"trust": 1.6,
"url": "http://www.ftc.gov/news-events/press-releases/2014/03/fandango-credit-karma-settle-ftc-charges-they-deceived-consumers"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/files/p49.pdf"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/files/p50-fahl.pdf"
},
{
"trust": 1.6,
"url": "http://cwe.mitre.org/data/definitions/295.html"
},
{
"trust": 1.6,
"url": "http://cwe.mitre.org/data/definitions/296.html"
},
{
"trust": 1.6,
"url": "https://jvn.jp/vu/jvnvu90369988/index.html"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/1680209"
},
{
"trust": 0.8,
"url": "http://www.appsgeyser.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7042"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7042"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95399358/index.html"
},
{
"trust": 0.8,
"url": "https://www.securecoding.cert.org/confluence/pages/viewpage.action;jsessionid=38139e999b01085a7ae8552ac02eac05?pageid=134807561"
},
{
"trust": 0.8,
"url": "https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm"
},
{
"trust": 0.8,
"url": "https://www.cert.org/blogs/certcc/post.cfm?entryid=204"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/about/press/20140919_1.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71760"
},
{
"trust": 0.3,
"url": "http://www.appsgeyser.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "VULHUB",
"id": "VHN-74986"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008671"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-560"
},
{
"db": "NVD",
"id": "CVE-2014-7042"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "VULHUB",
"id": "VHN-74986"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008671"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-560"
},
{
"db": "NVD",
"id": "CVE-2014-7042"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"date": "2014-09-03T00:00:00",
"db": "CERT/CC",
"id": "VU#582497"
},
{
"date": "2014-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-74986"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71760"
},
{
"date": "2019-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008671"
},
{
"date": "2014-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"date": "2014-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"date": "2014-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-560"
},
{
"date": "2014-10-16T19:55:12.817000",
"db": "NVD",
"id": "CVE-2014-7042"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"date": "2016-11-08T00:00:00",
"db": "CERT/CC",
"id": "VU#582497"
},
{
"date": "2014-11-14T00:00:00",
"db": "VULHUB",
"id": "VHN-74986"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71760"
},
{
"date": "2019-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008671"
},
{
"date": "2014-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"date": "2014-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-560"
},
{
"date": "2024-05-17T01:01:06.023000",
"db": "NVD",
"id": "CVE-2014-7042"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AppsGeyser generates Android applications that fail to properly validate SSL certificates",
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…