Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2012-6636
HistoryMar 03, 2014 - 4:50 a.m.

CVE-2012-6636

2014-03-0304:50:46
CWE-264
[email protected]
web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

High

0.041 Low

EPSS

Percentile

92.2%

JSON

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.

Affected configurations

NVD
Node
googleandroid_apiRange16.0
OR
googleandroid_apiMatch1.0
OR
googleandroid_apiMatch2.0
OR
googleandroid_apiMatch3.0
OR
googleandroid_apiMatch4.0
OR
googleandroid_apiMatch5.0
OR
googleandroid_apiMatch6.0
OR
googleandroid_apiMatch7.0
OR
googleandroid_apiMatch8.0
OR
googleandroid_apiMatch9.0
OR
googleandroid_apiMatch10.0
OR
googleandroid_apiMatch11.0
OR
googleandroid_apiMatch12.0
OR
googleandroid_apiMatch13.0
OR
googleandroid_apiMatch14.0
OR
googleandroid_apiMatch15.0

Related

zdt 1
cvelist 4
nvd 3
cve 4
android 1
ubuntucve 1
prion 4
exploitpack 1
hackerone 1
myhack58 1
saint 4
seebug 1
checkpoint_advisories 1
jvn 2
exploitdb 1
packetstorm 1
lenovo 2
zdt
zdt
Android 4.2 Browser and WebView - addJavascriptInterface Code Execution Exploit
2017-03-23 00:00:00
cvelist
cvelist
CVE-2012-6636
2014-03-03 02:00:00
CVE-2013-4710
2014-03-03 02:00:00
CVE-2014-0514
2014-04-15 20:00:00
nvd
nvd
CVE-2013-4710
2014-03-03 04:50:46
CVE-2014-0514
2014-04-15 23:13:14
CVE-2014-4968
2020-02-12 01:15:10
cve
cve
CVE-2013-4710
2014-03-03 04:50:46
CVE-2012-6636
2014-03-03 04:50:46
CVE-2014-4968
2020-02-12 01:15:10
android
android
JavaScript to Java
2012-12-21 00:00:00
ubuntucve
ubuntucve
CVE-2012-6636
2014-03-03 00:00:00
prion
prion
Server side request forgery (ssrf)
2014-03-03 04:50:00
Design/Logic Flaw
2014-03-03 04:50:00
Design/Logic Flaw
2014-04-15 23:13:00
exploitpack
exploitpack
Boat Browser 8.08.0.1 - Remote Code Execution
2014-07-16 00:00:00
hackerone
hackerone
ownCloud: Webview Vulnerablity [OwnCloudAndroid Application]
2015-09-07 11:57:09
myhack58
myhack58
Millet mobile phone MIUI remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
2014-08-25 00:00:00
saint
saint
Android WebView addJavascriptInterface Arbitrary Java Method Access
2014-02-11 00:00:00
Android WebView addJavascriptInterface Arbitrary Java Method Access
2014-02-11 00:00:00
Android WebView addJavascriptInterface Arbitrary Java Method Access
2014-02-11 00:00:00
seebug
seebug
Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability
2014-07-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Android Denial Of Service (CVE-2013-4710)
2022-05-30 00:00:00
jvn
jvn
JVN#62161191: JavaFX WebEngine does not properly restrict Java method execution
2020-07-28 00:00:00
JVN#53768697: Android OS vulnerable to arbitrary Java method execution
2013-12-17 00:00:00
exploitdb
exploitdb
Boat Browser 8.0/8.0.1 - Remote Code Execution
2014-07-16 00:00:00
packetstorm
packetstorm
Boat Browser 8.0 / 8.0.1 Remote Code Execution
2014-07-16 00:00:00
lenovo
lenovo
SHAREit for Android Vulnerabilities
2017-05-08 00:00:00
SHAREit for Android Vulnerabilities - Lenovo Support US
2017-05-08 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

High

0.041 Low

EPSS

Percentile

92.2%

JSON
Related for NVD:CVE-2012-6636
zdt1cvelist4nvd3cve4android1ubuntucve1prion4exploitpack1hackerone1myhack581saint4seebug1checkpoint_advisories1jvn2exploitdb1packetstorm1lenovo2