CVE-2014-3908 - OpenCVE

The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Amazon	Kindle

Configuration 1 [-]

OR	cpe:2.3:a:amazon:kindle::::::android::*
	cpe:2.3:a:amazon:kindle:4.4.0:::::android::

References

Link	Resource
http://jvn.jp/en/jp/JVN17637243/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000102

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2014-08-30T10:00:00

Updated: 2014-08-30T02:57:00

Reserved: 2014-05-27T00:00:00

Link: CVE-2014-3908

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-08-30T09:55:05.313

Modified: 2014-09-02T18:04:50.450

Link: CVE-2014-3908

JSON object: View

Redhat Information

No data.

CWE

CWE-310