Lucene search

K
cve[email protected]CVE-2011-3975
HistoryOct 03, 2011 - 3:55 p.m.

CVE-2011-3975

2011-10-0315:55:01
CWE-200
web.nvd.nist.gov
17
htc
android
security vulnerability
cve-2011-3975
sensitive information disclosure
nvd
htcloggers.apk

6.8 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.1%

A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.

Affected configurations

NVD
Node
googleandroidMatch2.3.4
AND
htcevo_3d
OR
htcevo_4g
OR
htcthunderbolt

6.8 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.1%

Related for CVE-2011-3975