NVD

Id
84265  
Name
CVE-2017-2387  
Description
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.  
Reject
 
CVSS Version
2  
CVSS Score
2.9  
Severity
Low  
CVSS Base Score
2.9  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
5.5  
CVSS Vector
(AV:A/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-04-27  
Published
2017-04-07  
Modified Date
2017-04-13  
Seq
2017-2387  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
413042 84265 CVE-2014-9645 http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b  View
413043 84265 CVE-2014-9645 [oss-security] 20150124 Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load  View
413044 84265 CVE-2014-9645 72324  View
413045 84265 CVE-2014-9645 https://bugs.busybox.net/show_bug.cgi?id=7652  View
413046 84265 CVE-2014-9645 https://bugzilla.redhat.com/show_bug.cgi?id=1185707  View
413047 84265 CVE-2014-9645 https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu  View
416763 84265 CVE-2017-0186 97438  View
416764 84265 CVE-2017-0186 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0186  View

Related JVN