Vulnerability Description
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Android | <= 2.1 |
Related Weaknesses (CWE)
References
- http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=dba
- http://jvn.jp/en/jp/JVN43105011/index.html
- http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000053.html
- https://gitorious.org/atrix-aosp/frameworks_base/commit/dba8cb76371960457e91b31f
FAQ
What is CVE-2010-4832?
CVE-2010-4832 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sour...
How severe is CVE-2010-4832?
CVE-2010-4832 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-4832?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.