|
[Japanese]
|
JVNDB-2012-000037
|
sp mode mail issue in the verification of SSL certificates
|
|
sp mode mail contains an issue in the verification of the SSL server certificate.
sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.
Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
Base Metrics:
4.0 (Medium)
[IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
|
NTT DOCOMO, INC.
- sp mode mail version 5400 and earlier
|
According to the developer, only sp mode mail applications for Android are affected.
|
|
Since no warning is issued when connecting to a server that is using an invalid SSL server certificate, a remote attacker may be able to intercept communications.
|
|
[Update the software]
Update to the latest version according to the information provided by the developer.
|
|
NTT DOCOMO, INC.
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2012-1244
|
|
- JVN : JVN#82029095
- National Vulnerability Database (NVD) : CVE-2012-1244
|
|
[2012/04/26]
Web page was published
|
