Search

Find a vulnerability

Search criteria

    1 vulnerability found for Kindle App for Android by Amazon.com, Inc.

    JVNDB-2014-000102

    Vulnerability from jvndb - Published: 2014-08-29 13:38 - Updated:2014-09-03 18:25
    Severity
    N/A (UNKNOWN) - -
    Summary
    Kindle App for Android fails to verify SSL server certificates
    Details
    Kindle App for Android fails to verify SSL server certificates. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000102.html",
      "dc:date": "2014-09-03T18:25+09:00",
      "dcterms:issued": "2014-08-29T13:38+09:00",
      "dcterms:modified": "2014-09-03T18:25+09:00",
      "description": "Kindle App for Android fails to verify SSL server certificates.\r\n\r\nHiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000102.html",
      "sec:cpe": {
        "#text": "cpe:/a:amazon:kindle",
        "@product": "Kindle App for Android",
        "@vendor": "Amazon.com, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000102",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN17637243/index.html",
          "@id": "JVN#17637243",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3908",
          "@id": "CVE-2014-3908",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3908",
          "@id": "CVE-2014-3908",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Kindle App for Android fails to verify SSL server certificates"
    }