CVE-2010-4832
First published: Wed May 14 2014(Updated: )
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | <=2.1 | |
| Android | =1.0 | |
| Android | =1.1 | |
| Android | =1.5 | |
| Android | =1.6 | |
| Android | =2.0 | |
| Android | =2.0.1 | |
| <=2.1 | ||
| =1.0 | ||
| =1.1 | ||
| =1.5 | ||
| =1.6 | ||
| =2.0 | ||
| =2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000053.html
- http://jvn.jp/en/jp/JVN43105011/index.html
- https://gitorious.org/atrix-aosp/frameworks_base/commit/dba8cb76371960457e91b31fa396478f809a5a34
- http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=dba8cb76371960457e91b31fa396478f809a5a34
- http://android.git.kernel.org/?p=platform/frameworks/base.git%3Ba=commit%3Bh=dba8cb76371960457e91b31fa396478f809a5a34
Frequently Asked Questions
What is the severity of CVE-2010-4832?
CVE-2010-4832 is classified as a high severity vulnerability due to the risk of SSL certificate spoofing.
How do I fix CVE-2010-4832?
To mitigate CVE-2010-4832, upgrade your Android OS to version 2.2 or later.
What is the impact of CVE-2010-4832?
CVE-2010-4832 can allow remote attackers to impersonate trusted websites, potentially compromising user data.
Which versions of Android are affected by CVE-2010-4832?
CVE-2010-4832 affects Android versions prior to 2.2, including versions 1.0 through 2.1.
Is CVE-2010-4832 a client-side or server-side vulnerability?
CVE-2010-4832 is primarily a client-side vulnerability affecting the way Android handles SSL certificates.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/first-publish-date
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/google
- canonical/android
- version/android/2.1
- version/android/1.0
- version/android/1.1
- version/android/1.5
- version/android/1.6
- version/android/2.0
- version/android/2.0.1