Skip to main content

Express CVE-2014-6887

MEDIUM
Cryptographic Issues (CWE-310)
2014-10-11 cret@cert.org
5.4
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:A/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:A/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Adjacent
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 11, 2014 - 01:55 cve.org
MEDIUM 5.4

DescriptionCVE.org

The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

AnalysisAI

The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-310. The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Affected products include: Express.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-24999 HIGH POC
7.5 Nov 26

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for

CVE-2026-47370 CRITICAL
9.9 Jun 12

Authenticated command injection in Ubiquiti UniFi OS allows low-privileged network-adjacent attackers to execute arbitra

CVE-2026-47369 CRITICAL
9.9 Jun 12

Privilege escalation in Ubiquiti UniFi OS allows a low-privileged attacker with network access to elevate privileges on

CVE-2024-10491 MEDIUM POC
5.3 Oct 29

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in

CVE-2025-48997 HIGH
8.7 Jun 03

Denial of Service vulnerability in Multer (Node.js multipart form-data middleware) affecting versions 1.4.4-lts.1 throug

CVE-2026-47368 HIGH
8.6 Jun 12

Information disclosure in Ubiquiti UniFi OS devices allows unauthenticated network-adjacent attackers to read sensitive

CVE-2025-67731 HIGH
7.5 Dec 12

Servify Express, a Node.js package for starting Express servers, contains a denial of service vulnerability caused by th

CVE-2014-6393 MEDIUM
6.1 Aug 09

The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Ty

CVE-2024-29041 MEDIUM
6.1 Mar 25

Express.js minimalist web framework for node. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitab

CVE-2026-27508 MEDIUM
5.1 Mar 30

Reflected cross-site scripting (XSS) in Smoothwall Express versions before 3.1 Update 13 allows unauthenticated remote a

CVE-2026-26352 MEDIUM
5.1 Mar 30

Stored cross-site scripting in Smoothwall Express prior to version 3.1 Update 13 allows authenticated attackers to injec

CVE-2024-43796 MEDIUM
4.7 Sep 10

Express.js minimalist web framework for node. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitab

Share

CVE-2014-6887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy