Certificate Validation Flaw in Alibaba Application for Android
CVE-2014-5976

Currently unrated

Key Information:

Vendor: Alibaba
Status: Alibaba
Vendor: CVE Published:; 20 September 2014

What is CVE-2014-5976?

The Alibaba application for Android, version 4.1.0.0, contains a vulnerability that fails to properly verify X.509 certificates from SSL servers. This flaw potentially enables attackers to execute man-in-the-middle attacks, allowing them to impersonate servers and potentially steal sensitive user information by leveraging forged or malicious SSL certificates.

References

http://www.kb.cert.org/vuls/id/366897

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/582497

third-party-advisoryx_refsource_CERT-VN

https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJ...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2014
Vulnerability Reserved
Aug 30, 2014