Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1967

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2014-1967
Last Modified 27 Feb 2014 01:58:12
Published 26 Feb 2014 08:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1967

Summary

The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Vulnerable Systems

Application

  • 7andi-fs.co Denny%27s 1.0.1

  • 7andi-fs.co Denny%27s 1.0.2

  • 7andi-fs.co Denny%27s 2.0.0


References

CONFIRM - https://play.google.com/store/apps/details?id=jp.denimoba

JVNDB - JVNDB-2014-000022

JVN - JVN#48810179


Last Updated: 27 May 2016 10:56:45