Search criteria
1 vulnerability found for Kindle App for Android by Amazon.com, Inc.
JVNDB-2014-000102
Vulnerability from jvndb - Published: 2014-08-29 13:38 - Updated:2014-09-03 18:25Summary
Kindle App for Android fails to verify SSL server certificates
Details
Kindle App for Android fails to verify SSL server certificates.
Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000102.html",
"dc:date": "2014-09-03T18:25+09:00",
"dcterms:issued": "2014-08-29T13:38+09:00",
"dcterms:modified": "2014-09-03T18:25+09:00",
"description": "Kindle App for Android fails to verify SSL server certificates.\r\n\r\nHiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000102.html",
"sec:cpe": {
"#text": "cpe:/a:amazon:kindle",
"@product": "Kindle App for Android",
"@vendor": "Amazon.com, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000102",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17637243/index.html",
"@id": "JVN#17637243",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3908",
"@id": "CVE-2014-3908",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3908",
"@id": "CVE-2014-3908",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Kindle App for Android fails to verify SSL server certificates"
}