The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Spmode_mail_android | Nttdocomo | * | 5400 (including) |
| Spmode_mail_android | Nttdocomo | 2546 (including) | 2546 (including) |
| Spmode_mail_android | Nttdocomo | 2631 (including) | 2631 (including) |
| Spmode_mail_android | Nttdocomo | 3000 (including) | 3000 (including) |
| Spmode_mail_android | Nttdocomo | 3100 (including) | 3100 (including) |
| Spmode_mail_android | Nttdocomo | 3200 (including) | 3200 (including) |
| Spmode_mail_android | Nttdocomo | 3300 (including) | 3300 (including) |
| Spmode_mail_android | Nttdocomo | 3400 (including) | 3400 (including) |
| Spmode_mail_android | Nttdocomo | 4000 (including) | 4000 (including) |
| Spmode_mail_android | Nttdocomo | 4200 (including) | 4200 (including) |
| Spmode_mail_android | Nttdocomo | 4300 (including) | 4300 (including) |
| Spmode_mail_android | Nttdocomo | 4400 (including) | 4400 (including) |
| Spmode_mail_android | Nttdocomo | 4500 (including) | 4500 (including) |
| Spmode_mail_android | Nttdocomo | 4600 (including) | 4600 (including) |
| Spmode_mail_android | Nttdocomo | 4700 (including) | 4700 (including) |
| Spmode_mail_android | Nttdocomo | 4800 (including) | 4800 (including) |
| Spmode_mail_android | Nttdocomo | 4900 (including) | 4900 (including) |
| Spmode_mail_android | Nttdocomo | 5000 (including) | 5000 (including) |
| Spmode_mail_android | Nttdocomo | 5100 (including) | 5100 (including) |
| Spmode_mail_android | Nttdocomo | 5200 (including) | 5200 (including) |
| Spmode_mail_android | Nttdocomo | 5300 (including) | 5300 (including) |