Vulnerability Details CVE-2012-1244
The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.8%
CVSS Severity
CVSS v2 Score 5.8
References
- http://jvn.jp/en/jp/JVN82029095/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037
- http://osvdb.org/81629
- http://secunia.com/advisories/48955
- http://www.securityfocus.com/bid/53254
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75159
- http://jvn.jp/en/jp/JVN82029095/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037
- http://osvdb.org/81629
- http://secunia.com/advisories/48955
- http://www.securityfocus.com/bid/53254
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75159
Products affected by CVE-2012-1244
-
cpe:2.3:a:nttdocomo:spmode_mail_android:2546
-
cpe:2.3:a:nttdocomo:spmode_mail_android:2631
-
cpe:2.3:a:nttdocomo:spmode_mail_android:3000
-
cpe:2.3:a:nttdocomo:spmode_mail_android:3100
-
cpe:2.3:a:nttdocomo:spmode_mail_android:3200
-
cpe:2.3:a:nttdocomo:spmode_mail_android:3300
-
cpe:2.3:a:nttdocomo:spmode_mail_android:3400
-
cpe:2.3:a:nttdocomo:spmode_mail_android:4000
-
cpe:2.3:a:nttdocomo:spmode_mail_android:4200
-
cpe:2.3:a:nttdocomo:spmode_mail_android:4300
-
cpe:2.3:a:nttdocomo:spmode_mail_android:4400
-
cpe:2.3:a:nttdocomo:spmode_mail_android:4500
-
cpe:2.3:a:nttdocomo:spmode_mail_android:4600
-
cpe:2.3:a:nttdocomo:spmode_mail_android:4700
-
cpe:2.3:a:nttdocomo:spmode_mail_android:4800
-
cpe:2.3:a:nttdocomo:spmode_mail_android:4900
-
cpe:2.3:a:nttdocomo:spmode_mail_android:5000
-
cpe:2.3:a:nttdocomo:spmode_mail_android:5100
-
cpe:2.3:a:nttdocomo:spmode_mail_android:5200
-
cpe:2.3:a:nttdocomo:spmode_mail_android:5300
-
cpe:2.3:a:nttdocomo:spmode_mail_android:5400