X.509 Certificate Verification Flaw in Yahoo! Japan Shopping for Android
CVE-2013-4700

Currently unrated

Key Information:

Vendor: Yahoo
Status: Japan Shopping
Vendor: CVE Published:; 21 August 2013

What is CVE-2013-4700?

The Yahoo! Japan Shopping application for Android versions 1.4 and earlier lacks proper verification of X.509 certificates from SSL servers. This deficiency allows man-in-the-middle attackers to exploit the vulnerability by presenting a forged certificate, thereby spoofing trusted servers. As a result, sensitive user information may be intercepted and compromised, creating significant security risks for users of the application.

References

http://jvndb.jvn.jp/jvndb/JVNDB-2013-000079

third-party-advisoryx_refsource_JVNDB

http://jvn.jp/en/jp/JVN75084836/index.html

third-party-advisoryx_refsource_JVN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 21, 2013

CVE-2013-4700 Data

JSON