CVE-2013-4710
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
AI Score
Confidence
High
0.041 Low
EPSS
Percentile
92.2%
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
Affected configurations
References
50.56.33.56/blog/?p=314
emobile.jp/products/sh/a01sh/systemsoftware.html
jvn.jp/en/jp/JVN53768697/113349/index.html
jvn.jp/en/jp/JVN53768697/397327/index.html
jvn.jp/en/jp/JVN53768697/995293/index.html
jvn.jp/en/jp/JVN53768697/995312/index.html
jvn.jp/en/jp/JVN53768697/995417/index.html
jvn.jp/en/jp/JVN53768697/index.html
jvndb.jvn.jp/jvndb/JVNDB-2013-000111
openwall.com/lists/oss-security/2014/02/18/11
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
AI Score
Confidence
High
0.041 Low
EPSS
Percentile
92.2%