CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-3908

The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.1%

CVSS Severity

CVSS v2 Score 5.8

References

http://jvn.jp/en/jp/JVN17637243/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000102
http://jvn.jp/en/jp/JVN17637243/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000102

Products affected by CVE-2014-3908

Amazon » Kindle » Version: 4.4.0

cpe:2.3:a:amazon:kindle:4.4.0
Amazon » Kindle » Version: 4.4.4

cpe:2.3:a:amazon:kindle:4.4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3908

Products

Pricing

Contact Us