mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
77 lines
2.6 KiB
JSON
77 lines
2.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "vultures@jpcert.or.jp",
|
|
"ID": "CVE-2017-2278",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "RBB SPEED TEST App for Android",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "version 2.0.3 and earlier"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "RBB SPEED TEST App for iOS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "version 2.1.0 and earlier"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "IID, Inc."
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Fails to verify SSL certificates"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "http://www.iid.co.jp/information/170714.html",
|
|
"refsource": "MISC",
|
|
"url": "http://www.iid.co.jp/information/170714.html"
|
|
},
|
|
{
|
|
"name": "JVN#24238648",
|
|
"refsource": "JVN",
|
|
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
|
|
}
|
|
]
|
|
}
|
|
} |