Summaryinfo

A vulnerability was found in Jazeera Airways 2.7 and classified as critical. The impacted element is an unknown function of the component X.509 Certificate Handler. Executing a manipulation can lead to cryptographic issue. This vulnerability is tracked as CVE-2014-6899. No exploit exists.

Detailsinfo

A vulnerability was found in Jazeera Airways 2.7. It has been declared as critical. This vulnerability affects an unknown code of the component X.509 Certificate Handler. The manipulation with an unknown input leads to a cryptographic issue vulnerability. The CWE definition for the vulnerability is CWE-310. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

The weakness was disclosed 10/02/2014 as confirmed advisory (CERT.org). The advisory is available at kb.cert.org. This vulnerability was named CVE-2014-6899 since 09/19/2014. The attack needs to be initiated within the local network. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1600 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-71433, VDB-71432, VDB-71431 and VDB-71430 are pretty similar. Once again VulDB remains the best source for vulnerability data.

Productinfo

Name

• Jazeera Airways

Version

• 2.7

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion