Search criteria
3 vulnerabilities found for verizon by gunhillwireless
VAR-201409-0791
Vulnerability from variot - Updated: 2025-04-13 19:59The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. AppsGeyser Online Android A tool for creating applications. On the developer site, 2014 Year 12 Moon 22 As of the day 130 Over 10,000 Android Application AppsGeyser It is stated that it was created by. AppsGeyser Created with Android The application includes HTTPS In communication SSL Contains code to disable server certificate validation.AppsGeyser If you use an application created in Android A third party on the same network as the device may view or alter the communication content of the product. plural Android The app includes SSL A vulnerability exists that does not properly validate certificates. CERT/CC Then CERT Tapioca Was used to investigate this vulnerability. For details of the survey method, CERT/CC blog Please confirm. In addition, regarding this vulnerability, CERT Oracle Secure Coding Standard for Java of DRD19-J. Properly verify server certificate on SSL/TLS See also CERT Tapioca https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm CERT/CC blog https://www.cert.org/blogs/certcc/post.cfm?EntryID=204 DRD19-J. Properly verify server certificate on SSL/TLS https://www.securecoding.cert.org/confluence/x/CQAJCMan-in-the-middle attacks, although the impact depends on the behavior of the app (man-in-the-middle attack) By HTTPS Network traffic that should be protected by may be viewed or tampered with. As a result, authentication information may be obtained or arbitrary code may be executed. An attacker could use this vulnerability to perform a man-in-the-middle attack and impersonate a trusted server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0791",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "verizon",
"scope": "eq",
"trust": 2.4,
"vendor": "gunhillwireless",
"version": "0.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appsgeyser",
"version": null
},
{
"model": "appsgeyser",
"scope": "eq",
"trust": 0.8,
"vendor": "besttoolbars",
"version": "created with android application"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "appsgeyser",
"scope": "eq",
"trust": 0.3,
"vendor": "appsgeyser",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006072"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-289"
},
{
"db": "NVD",
"id": "CVE-2014-5755"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:besttoolbars:appsgeyser",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Will Dormann of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "71760"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5755",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2014-5755",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-004043",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-73697",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5755",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5755",
"trust": 0.8,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2014-004043",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-289",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73697",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73697"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006072"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-289"
},
{
"db": "NVD",
"id": "CVE-2014-5755"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. AppsGeyser Online Android A tool for creating applications. On the developer site, 2014 Year 12 Moon 22 As of the day 130 Over 10,000 Android Application AppsGeyser It is stated that it was created by. AppsGeyser Created with Android The application includes HTTPS In communication SSL Contains code to disable server certificate validation.AppsGeyser If you use an application created in Android A third party on the same network as the device may view or alter the communication content of the product. plural Android The app includes SSL A vulnerability exists that does not properly validate certificates. CERT/CC Then CERT Tapioca Was used to investigate this vulnerability. For details of the survey method, CERT/CC blog Please confirm. In addition, regarding this vulnerability, CERT Oracle Secure Coding Standard for Java of DRD19-J. Properly verify server certificate on SSL/TLS See also CERT Tapioca https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm CERT/CC blog https://www.cert.org/blogs/certcc/post.cfm?EntryID=204 DRD19-J. Properly verify server certificate on SSL/TLS https://www.securecoding.cert.org/confluence/x/CQAJCMan-in-the-middle attacks, although the impact depends on the behavior of the app (man-in-the-middle attack) By HTTPS Network traffic that should be protected by may be viewed or tampered with. As a result, authentication information may be obtained or arbitrary code may be executed. An attacker could use this vulnerability to perform a man-in-the-middle attack and impersonate a trusted server",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5755"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006072"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "VULHUB",
"id": "VHN-73697"
}
],
"trust": 5.4
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#582497",
"trust": 4.4
},
{
"db": "NVD",
"id": "CVE-2014-5755",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#1680209",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#820537",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU90369988",
"trust": 1.6
},
{
"db": "BID",
"id": "71760",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU95399358",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006072",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-289",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-73697",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "VULHUB",
"id": "VHN-73697"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006072"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-289"
},
{
"db": "NVD",
"id": "CVE-2014-5755"
}
]
},
"id": "VAR-201409-0791",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-73697"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T19:59:11.860000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security with HTTPS and SSL",
"trust": 0.8,
"url": "http://developer.android.com/training/articles/security-ssl.html"
},
{
"title": "AppsGeyser",
"trust": 0.8,
"url": "http://www.appsgeyser.com/"
},
{
"title": "com.wverizonwirelessbill",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.wverizonwirelessbill"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006072"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73697"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006072"
},
{
"db": "NVD",
"id": "CVE-2014-5755"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://docs.google.com/spreadsheets/d/1t5gxwjw82syunalvjb2w0zi3folrikfgpc7amjrf0r4/edit?usp=sharing"
},
{
"trust": 3.6,
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/820537"
},
{
"trust": 1.6,
"url": "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html"
},
{
"trust": 1.6,
"url": "http://developer.android.com/training/articles/security-ssl.html"
},
{
"trust": 1.6,
"url": "http://www.ftc.gov/news-events/press-releases/2014/03/fandango-credit-karma-settle-ftc-charges-they-deceived-consumers"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/files/p49.pdf"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/files/p50-fahl.pdf"
},
{
"trust": 1.6,
"url": "http://cwe.mitre.org/data/definitions/295.html"
},
{
"trust": 1.6,
"url": "http://cwe.mitre.org/data/definitions/296.html"
},
{
"trust": 1.6,
"url": "http://jvn.jp/vu/jvnvu90369988/index.html"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/1680209"
},
{
"trust": 0.8,
"url": "http://www.appsgeyser.com/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95399358/index.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5755"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5755"
},
{
"trust": 0.8,
"url": "https://www.securecoding.cert.org/confluence/pages/viewpage.action;jsessionid=38139e999b01085a7ae8552ac02eac05?pageid=134807561"
},
{
"trust": 0.8,
"url": "https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm"
},
{
"trust": 0.8,
"url": "https://www.cert.org/blogs/certcc/post.cfm?entryid=204"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/about/press/20140919_1.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71760"
},
{
"trust": 0.3,
"url": "http://www.appsgeyser.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "VULHUB",
"id": "VHN-73697"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006072"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-289"
},
{
"db": "NVD",
"id": "CVE-2014-5755"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "VULHUB",
"id": "VHN-73697"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006072"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-289"
},
{
"db": "NVD",
"id": "CVE-2014-5755"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"date": "2014-09-03T00:00:00",
"db": "CERT/CC",
"id": "VU#582497"
},
{
"date": "2014-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-73697"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71760"
},
{
"date": "2014-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"date": "2014-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-006072"
},
{
"date": "2014-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"date": "2014-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-289"
},
{
"date": "2014-09-09T10:55:11.207000",
"db": "NVD",
"id": "CVE-2014-5755"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"date": "2016-11-08T00:00:00",
"db": "CERT/CC",
"id": "VU#582497"
},
{
"date": "2014-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-73697"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71760"
},
{
"date": "2014-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"date": "2014-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-006072"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-289"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-5755"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AppsGeyser generates Android applications that fail to properly validate SSL certificates",
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.6
}
}
CVE-2014-5755 (GCVE-0-2014-5755)
Vulnerability from nvd – Published: 2014-09-09 10:00 – Updated: 2024-08-06 11:55
VLAI?
Summary
The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:49.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#820537",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/820537"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-09T02:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#820537",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/820537"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#820537",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/820537"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-5755",
"datePublished": "2014-09-09T10:00:00.000Z",
"dateReserved": "2014-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:55:49.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5755 (GCVE-0-2014-5755)
Vulnerability from cvelistv5 – Published: 2014-09-09 10:00 – Updated: 2024-08-06 11:55
VLAI?
Summary
The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:49.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#820537",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/820537"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-09T02:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#820537",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/820537"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#820537",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/820537"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-5755",
"datePublished": "2014-09-09T10:00:00.000Z",
"dateReserved": "2014-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:55:49.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}