CVE-2012-1244
First published: Fri Apr 27 2012(Updated: )
The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nttdocomo Spmode Mail | <=5400 | |
| Nttdocomo Spmode Mail | =2546 | |
| Nttdocomo Spmode Mail | =2631 | |
| Nttdocomo Spmode Mail | =3000 | |
| Nttdocomo Spmode Mail | =3100 | |
| Nttdocomo Spmode Mail | =3200 | |
| Nttdocomo Spmode Mail | =3300 | |
| Nttdocomo Spmode Mail | =3400 | |
| Nttdocomo Spmode Mail | =4000 | |
| Nttdocomo Spmode Mail | =4200 | |
| Nttdocomo Spmode Mail | =4300 | |
| Nttdocomo Spmode Mail | =4400 | |
| Nttdocomo Spmode Mail | =4500 | |
| Nttdocomo Spmode Mail | =4600 | |
| Nttdocomo Spmode Mail | =4700 | |
| Nttdocomo Spmode Mail | =4800 | |
| Nttdocomo Spmode Mail | =4900 | |
| Nttdocomo Spmode Mail | =5000 | |
| Nttdocomo Spmode Mail | =5100 | |
| Nttdocomo Spmode Mail | =5200 | |
| Nttdocomo Spmode Mail | =5300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-1244?
CVE-2012-1244 is classified with a medium severity due to its potential for man-in-the-middle attacks.
How do I fix CVE-2012-1244?
To fix CVE-2012-1244, update the NTT DOCOMO sp mode mail application to a version later than 5400.
Which versions are affected by CVE-2012-1244?
CVE-2012-1244 affects NTT DOCOMO sp mode mail application versions 5400 and earlier.
What type of attack does CVE-2012-1244 enable?
CVE-2012-1244 allows man-in-the-middle attackers to spoof SSL servers and intercept sensitive information.
What are the consequences of CVE-2012-1244?
Exploitation of CVE-2012-1244 can lead to sensitive information being compromised through fraudulent SSL certificates.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nttdocomo
- canonical/nttdocomo spmode mail
- version/nttdocomo spmode mail/5400
- version/nttdocomo spmode mail/2546
- version/nttdocomo spmode mail/2631
- version/nttdocomo spmode mail/3000
- version/nttdocomo spmode mail/3100
- version/nttdocomo spmode mail/3200
- version/nttdocomo spmode mail/3300
- version/nttdocomo spmode mail/3400
- version/nttdocomo spmode mail/4000
- version/nttdocomo spmode mail/4200
- version/nttdocomo spmode mail/4300
- version/nttdocomo spmode mail/4400
- version/nttdocomo spmode mail/4500
- version/nttdocomo spmode mail/4600
- version/nttdocomo spmode mail/4700
- version/nttdocomo spmode mail/4800
- version/nttdocomo spmode mail/4900
- version/nttdocomo spmode mail/5000
- version/nttdocomo spmode mail/5100
- version/nttdocomo spmode mail/5200
- version/nttdocomo spmode mail/5300