CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
http://www.iss.net/security_center/static/6814.php
http://archives.neohapsis.com/archives/bugtraq/2001-07/0127.html