CVE-2017-2387

Sažetak

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Reference

http://www.info-sec.ca/advisories/Apple-Music.html
http://www.securityfocus.com/bid/97390
https://support.apple.com/HT207605

CVSS

Base:	2.9
Impact:	2.9
Exploitability:	5.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

07-04-2017 - 11:59