Lucene search

[email protected]CVE-2013-5158

HistorySep 19, 2013 - 10:28 a.m.

CVE-2013-5158

2013-09-1910:28:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-5158

social subsystem

apple ios

cache

twitter icons

physically proximate

sensitive information

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.0%

JSON

The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.

Affected configurations

NVD

Node

appleiphone_osRange≤6.1.4

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

appleiphone_osMatch3.0

appleiphone_osMatch3.0.1

appleiphone_osMatch3.1

appleiphone_osMatch3.1.2

appleiphone_osMatch3.1.3

appleiphone_osMatch3.2

appleiphone_osMatch3.2.1

appleiphone_osMatch3.2.2

appleiphone_osMatch4.0

appleiphone_osMatch4.0.1

appleiphone_osMatch4.0.2

appleiphone_osMatch4.1

appleiphone_osMatch4.2.1

appleiphone_osMatch4.2.5

appleiphone_osMatch4.2.8

appleiphone_osMatch4.3.0

appleiphone_osMatch4.3.1

appleiphone_osMatch4.3.2

appleiphone_osMatch4.3.3

appleiphone_osMatch4.3.5

appleiphone_osMatch5.0

appleiphone_osMatch5.0.1

appleiphone_osMatch5.1

appleiphone_osMatch5.1.1

appleiphone_osMatch6.0

appleiphone_osMatch6.0.1

appleiphone_osMatch6.0.2

appleiphone_osMatch6.1

appleiphone_osMatch6.1.2

appleiphone_osMatch6.1.3

CPENameOperatorVersion
apple:iphone_osapple iphone osle6.1.4
apple:iphone_osapple iphone oseq1.0.0
apple:iphone_osapple iphone oseq1.0.1
apple:iphone_osapple iphone oseq1.0.2
apple:iphone_osapple iphone oseq1.1.0
apple:iphone_osapple iphone oseq1.1.1
apple:iphone_osapple iphone oseq1.1.2
apple:iphone_osapple iphone oseq1.1.3
apple:iphone_osapple iphone oseq1.1.4
apple:iphone_osapple iphone oseq1.1.5

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	6.1.4
apple:iphone_os	apple iphone os	eq	1.0.0
apple:iphone_os	apple iphone os	eq	1.0.1
apple:iphone_os	apple iphone os	eq	1.0.2
apple:iphone_os	apple iphone os	eq	1.1.0
apple:iphone_os	apple iphone os	eq	1.1.1
apple:iphone_os	apple iphone os	eq	1.1.2
apple:iphone_os	apple iphone os	eq	1.1.3
apple:iphone_os	apple iphone os	eq	1.1.4
apple:iphone_os	apple iphone os	eq	1.1.5

Rows per page:

1-10 of 481

References

lists.apple.com/archives/security-announce/2013/Sep/msg00006.html

support.apple.com/kb/HT5934

www.securitytracker.com/id/1029054

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.0%

JSON

Related for CVE-2013-5158

prion1 nvd1 cvelist1 securityvulns2