CVE-2012-5810 in Chase mobileinfo

Summary

The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default X509TrustManager.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

11/04/2012

Disclosure

11/04/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

6.5

EPSS

0.00111

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-5810
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5810
CVE Details	https://www.cvedetails.com/cve/CVE-2012-5810/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!