CVE-2014-3902

CVE-2014-3902

Name

CVE-2014-3902

Description

The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
JVNDB	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000098
JVN	http://jvn.jp/en/jp/JVN27702217/index.html
Patch	https://www.cyberagent.co.jp/info/detail/id=9185
Patch	https://play.google.com/store/apps/details?id=jp.ameba

Type

URI

JVNDB

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000098

JVN

http://jvn.jp/en/jp/JVN27702217/index.html

Patch

https://www.cyberagent.co.jp/info/detail/id=9185

Patch

https://play.google.com/store/apps/details?id=jp.ameba

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:cyberagent:ameba::::::android::*`	ameba	>= None	<= 4.4.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:cyberagent:ameba:*:*:*:*:*:android:*:*

ameba

>= None

<= 4.4.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ameba	3.17-community	1.3.1-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
ameba	3.18-community	1.4.3-r3	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
ameba	3.19-community	1.5.0-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
ameba	3.20-community	1.6.1-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
ameba	edge-community	1.6.3-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

ameba

3.17-community

1.3.1-r0

Jakub Jirutka <jakub@jirutka.cz>

possibly vulnerable

ameba

3.18-community