
CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Sep 2014 — The Web Browser for Android (aka explore.web.browser) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Aug 2011 — The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. • http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies • CWE-264: Permissions, Privileges, and Access Controls