Man-in-the-Middle Vulnerability in Yahoo! Japan Box for Android
CVE-2014-5881

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yahoo Ybox
Vendor: CVE Published:; 11 September 2014

What is CVE-2014-5881?

The Yahoo! Japan Box application for Android fails to adequately verify X.509 certificates from SSL servers. This vulnerability enables attackers to perform man-in-the-middle attacks, allowing them to spoof servers by presenting maliciously crafted certificates. As a result, sensitive information transmitted between users and servers may be intercepted and exploited.

References

http://www.kb.cert.org/vuls/id/228385

third-party-advisoryx_refsource_CERT-VN

http://jvn.jp/en/jp/JVN48270605/index.html

third-party-advisoryx_refsource_JVN

http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html

third-party-advisoryx_refsource_JVNDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2014
Vulnerability Reserved
Aug 30, 2014

CVE-2014-5881 Data

JSON