Lucene search

[email protected]CVE-2014-1939

HistoryMar 03, 2014 - 4:50 a.m.

CVE-2014-1939

2014-03-0304:50:46

CWE-94

[email protected]

web.nvd.nist.gov

cve

2014-1939

android

java

security vulnerability

nvd

api

browserframe

searchboximpl

addjavascriptinterface

webkit

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.

Affected configurations

NVD

Node

googleandroidRange≤4.3.1

googleandroidMatch4.0

googleandroidMatch4.0.1

googleandroidMatch4.0.2

googleandroidMatch4.0.3

googleandroidMatch4.0.4

googleandroidMatch4.1

googleandroidMatch4.1.2

googleandroidMatch4.2

googleandroidMatch4.2.1

googleandroidMatch4.2.2

googleandroidMatch4.3

Node

lenovoshareitRange≤3.5.88_wwandroid

CPENameOperatorVersion
google:androidgoogle androidle4.3.1
google:androidgoogle androideq4.0
google:androidgoogle androideq4.0.1
google:androidgoogle androideq4.0.2
google:androidgoogle androideq4.0.3
google:androidgoogle androideq4.0.4
google:androidgoogle androideq4.1
google:androidgoogle androideq4.1.2
google:androidgoogle androideq4.2
google:androidgoogle androideq4.2.1

CPE	Name	Operator	Version
google:android	google android	le	4.3.1
google:android	google android	eq	4.0
google:android	google android	eq	4.0.1
google:android	google android	eq	4.0.2
google:android	google android	eq	4.0.3
google:android	google android	eq	4.0.4
google:android	google android	eq	4.1
google:android	google android	eq	4.1.2
google:android	google android	eq	4.2
google:android	google android	eq	4.2.1

Rows per page:

1-10 of 121

References

blog.chromium.org/2013/11/introducing-chromium-powered-android.html

openwall.com/lists/oss-security/2014/02/11/2

support.lenovo.com/us/en/product_security/len_6421

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for CVE-2014-1939

prion1 cvelist1 nvd1 lenovo2