Lucene search

JpcertCVE-2014-0803

HistoryJan 12, 2014 - 6:34 p.m.

CVE-2014-0803

2014-01-1218:34:56

CWE-22

jpcert

web.nvd.nist.gov

cve-2014-0803

directory traversal

tetra filer

android 4.0.3

vulnerability

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

62.0%

JSON

Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors.

Affected configurations

Nvd

Node

yuichiro_okuyamatetra_filerRange≤1.5.1---android

yuichiro_okuyamatetra_filer_freeRange≤1.5.1---android

AND

googleandroidMatch4.0

googleandroidMatch4.0.1

googleandroidMatch4.0.2

Node

yuichiro_okuyamatetra_filerRange≤2.3.1---android

yuichiro_okuyamatetra_filer_freeRange≤2.3.1---android

AND

googleandroidMatch4.0.3

VendorProductVersionCPE
yuichiro_okuyamatetra_filer*cpe:2.3:a:yuichiro_okuyama:tetra_filer:*:-:-:*:-:android:*:*
yuichiro_okuyamatetra_filer_free*cpe:2.3:a:yuichiro_okuyama:tetra_filer_free:*:-:-:*:-:android:*:*
googleandroid4.0cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
googleandroid4.0.1cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
googleandroid4.0.2cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
googleandroid4.0.3cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yuichiro_okuyama	tetra_filer	*	cpe:2.3:a:yuichiro_okuyama:tetra_filer::-:-::-:android::
yuichiro_okuyama	tetra_filer_free	*	cpe:2.3:a:yuichiro_okuyama:tetra_filer_free::-:-::-:android::
google	android	4.0	cpe:2.3:o:google:android:4.0:::::::*
google	android	4.0.1	cpe:2.3:o:google:android:4.0.1:::::::*
google	android	4.0.2	cpe:2.3:o:google:android:4.0.2:::::::*
google	android	4.0.3	cpe:2.3:o:google:android:4.0.3:::::::*

References

jvn.jp/en/jp/JVN51285738/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000002

play.google.com/store/apps/details?id=jp.main.brits.android.filer.app

play.google.com/store/apps/details?id=jp.main.brits.android.filer.free

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

62.0%

JSON

Related for CVE-2014-0803