sp mode mail CVE-2012-1244 SSL Certificate Validation Security Bypass Vulnerability
BID:53254
Info
sp mode mail CVE-2012-1244 SSL Certificate Validation Security Bypass Vulnerability
| Bugtraq ID: | 53254 |
| Class: | Design Error |
| CVE: |
CVE-2012-1244 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 26 2012 12:00AM |
| Updated: | Apr 26 2012 12:00AM |
| Credit: | Tsukasa Hamano of Open Source Solution Technology Corporation |
| Vulnerable: |
NTT DOCOMO INC sp mode mail 5400 |
| Not Vulnerable: | |
Discussion
sp mode mail CVE-2012-1244 SSL Certificate Validation Security Bypass Vulnerability
sp mode mail is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
sp mode mail versions 5400 and prior are vulnerable.
sp mode mail is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
sp mode mail versions 5400 and prior are vulnerable.
Exploit / POC
sp mode mail CVE-2012-1244 SSL Certificate Validation Security Bypass Vulnerability
An attacker can use readily available network utilities to exploit this issue.
An attacker can use readily available network utilities to exploit this issue.
Solution / Fix
sp mode mail CVE-2012-1244 SSL Certificate Validation Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
sp mode mail CVE-2012-1244 SSL Certificate Validation Security Bypass Vulnerability
References:
References: