(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities
2014-08-11T00:00:00
ID SECURITYVULNS:DOC:30996 Type securityvulns Reporter Securityvulns Modified 2014-08-11T00:00:00
Description
Hi,
We have recently discovered a severe Cross-Application Scripting (XAS) vulnerability in Apache Cordova for Android. This vulnerability enables theft of sensitive information from Cordova-based apps both locally by malware and also remotely by using drive-by exploitation techniques.
In addition, we have also found a set of vulnerabilities which allow for data exfiltration to an arbitrary target, bypassing Cordova's whitelisting mechanism.
The CVE identifiers are:
CVE-2014-3500: Cross-Application Scripting via Android Intents
CVE-2014-3501: Cordova whitelist bypass for non-HTTP URLs
CVE-2014-3502: Data Leak to Other Applications via Android Intent URIs
We had privately reported the issues to Cordova and CVE-2014-3100 has been fixed in Cordova 3.5.1. See our whitepaper for details on how to mitigate CVE-2014-3501 and CVE-2014-3502.
More details (including a video demo of a working exploit) are available at:
{"id": "SECURITYVULNS:DOC:30996", "bulletinFamily": "software", "title": "(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities", "description": "\r\n\r\nHi,\r\n\r\nWe have recently discovered a severe Cross-Application Scripting (XAS) vulnerability in Apache Cordova for Android. This vulnerability enables theft of sensitive information from Crodova-based apps both locally by malware and also remotely by using drive-by exploitation techniques.\r\n\r\nIn addition, we have also found a set of vulnerabilities which allow for data exfiltration to an arbitrary target, bypassing Cordova's whitelisting mechanism. \r\n\r\nThe CVE identifiers are:\r\n\r\nCVE-2014-3500: Cross-Application Scripting via Android Intents\r\nCVE-2014-3501: Cordova whitelist bypass for non-HTTP URLs\r\nCVE-2014-3502: Data Leak to Other Applications via Android Intent URIs\r\n\r\nWe had privately reported the issues to Cordova and CVE-2014-3100 has been fixed in Cordova 3.5.1. See our whitepaper for details on how to mitigate CVE-2014-3501 and CVE-2014-3502. \r\n\r\nMore details (including a video demo of a working exploit) are available at:\r\n\r\n1. Blog: http://securityintelligence.com/apache-cordova-phonegap-vulnerability-android-banking-apps/\r\n2. 
Advisory: https://www.slideshare.net/ibmsecurity/remote-exploitation-of-the-cordova-framework/\r\n\r\n- Roee Hay & David Kaplan \t\t \t \t\t \r\n\r\n", "published": "2014-08-11T00:00:00", "modified": "2014-08-11T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30996", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-3100", "CVE-2014-3500", "CVE-2014-3502", "CVE-2014-3501"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:53", "edition": 1, "viewCount": 10, "enchantments": {"score": {"value": 7.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "android", "idList": ["ANDROID:KEYSTORE_BUFFER"]}, {"type": "cve", "idList": ["CVE-2014-3100", "CVE-2014-3500", "CVE-2014-3501", "CVE-2014-3502"]}, {"type": "nessus", "idList": ["GOOGLE_ANDROID_2014_3100.NBIN", "WEBSPHERE_PORTAL_8_5_0_0_CF03.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31053", "SECURITYVULNS:DOC:31204", "SECURITYVULNS:VULN:13918", "SECURITYVULNS:VULN:14005"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2014-3100", "CVE-2014-3500", "CVE-2014-3501", "CVE-2014-3502"]}, {"type": "nessus", "idList": ["GOOGLE_ANDROID_2014_3100.NBIN"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13918"]}]}, "exploitation": null, "vulnersScore": 7.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"securityvulns": [{"lastseen": "2021-06-08T18:52:26", "bulletinFamily": "software", "cvelist": ["CVE-2014-3500", "CVE-2014-3502", "CVE-2014-3501"], "description": "Cross application scripting, restrictions bypass, information leakage.", "edition": 2, "modified": "2014-08-11T00:00:00", "published": "2014-08-11T00:00:00", "id": "SECURITYVULNS:VULN:13918", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13918", "title": "Apache Cordova multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-3502"], "description": "\r\n\r\nThe following text is amended from the original that was sent on August 4th. More background information on this amendment can be found at http://cordova.apache.org/announcements/2014/08/06/android-351-update.html\r\n\r\nAndroid Platform Release: 04 Aug 2014\r\n\r\nCVE-2014-3502: Cordova apps can potentially leak data to other apps via URL\r\nloading\r\n\r\n\r\nSeverity: Medium\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\nCordova Android versions up to 3.5.0\r\n\r\nDescription:\r\nAndroid applications built with the Cordova framework can launch other\r\napplications through the use of anchor tags, or by redirecting the webview to\r\nan Android intent URL. An attacker who can manipulate the HTML content of a\r\nCordova application can create links which open other applications and send\r\narbitrary data to those applications. An attacker who can run arbitrary\r\nJavaScript code within the context of the Cordova application can also set the\r\ndocument location to such a URL. 
By using this in concert with a second,\r\nvulnerable application, an attacker might be able to use this method to send\r\ndata from the Cordova application to the network.\r\n\r\nThe latest release of Cordova Android takes steps to block explicit Android\r\nintent urls, so that they can no longer be used to start arbitrary applications\r\non the device.\r\n\r\nImplicit intents, including URLs with schemes such as "tel", "geo", and "sms"\r\ncan still be used to open external applications by default, but this behaviour\r\ncan be overridden by plugins.\r\n\r\nUpgrade path:\r\nDevelopers who are concerned about this should rebuild their applications with\r\nCordova Android 3.5.1.\r\n\r\nCredit:\r\nThis issue was discovered by David Kaplan and Roee Hay of IBM Security Systems.\r\n\r\n", "edition": 1, "modified": "2014-08-26T00:00:00", "published": "2014-08-26T00:00:00", "id": "SECURITYVULNS:DOC:31053", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31053", "title": "Apache Cordova 3.5.1: CVE-2014-3502 update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\nHi,\r\n\r\nWe have discovered a stack-based buffer overflow in the Android\r\nKeyStore service which affects Android 4.3 and below. The issue was\r\npatched in Android 4.4.\r\n\r\nThe vulnerability is identified as CVE-2014-3100.\r\n\r\nMore details are available at:\r\n\r\n1. Blog post: http://ibm.co/1pbk4yH\r\n2. 
Advisory: http://slidesha.re/1nxBnmY\r\n\r\n-Roee\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-10-14T00:00:00", "title": "Android KeyStore Stack Buffer Overflow (CVE-2014-3100)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-3100"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31204", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31204", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:46:35", "description": "Browser CSP restrictions bypass is possible, DoS via NFC, Keystore buffer overflow.", "edition": 2, "cvss3": {}, "published": "2014-10-14T00:00:00", "title": "Android / MIUI multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-3100"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:VULN:14005", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14005", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T12:55:17", "description": "Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.", "cvss3": {}, "published": "2014-11-15T21:59:00", "type": "cve", "title": "CVE-2014-3502", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3502"], "modified": 
"2014-11-17T14:10:00", "cpe": ["cpe:/a:apache:cordova:3.5.0"], "id": "CVE-2014-3502", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3502", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:cordova:3.5.0:*:*:*:*:android:*:*"]}, {"lastseen": "2022-03-23T12:55:17", "description": "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.", "cvss3": {}, "published": "2014-11-15T21:59:00", "type": "cve", "title": "CVE-2014-3501", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3501"], "modified": "2014-11-17T14:03:00", "cpe": ["cpe:/a:apache:cordova:3.5.0"], "id": "CVE-2014-3501", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3501", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:cordova:3.5.0:*:*:*:*:android:*:*"]}, {"lastseen": "2022-03-23T12:47:32", "description": "Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.", "cvss3": {}, "published": "2014-07-02T04:14:00", "type": "cve", "title": "CVE-2014-3100", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3100"], "modified": "2018-10-09T19:43:00", "cpe": ["cpe:/o:google:android:4.3"], "id": "CVE-2014-3100", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3100", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:55:14", "description": "Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.", "cvss3": {}, "published": "2014-11-15T21:59:00", "type": "cve", "title": "CVE-2014-3500", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3500"], "modified": "2014-11-17T13:55:00", "cpe": ["cpe:/a:apache:cordova:3.5.0"], "id": "CVE-2014-3500", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3500", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:cordova:3.5.0:*:*:*:*:android:*:*"]}], "nessus": [{"lastseen": "2022-04-16T14:09:42", "description": "The mobile device is running Google Android version 4.3. 
It is, therefore, affected by a local stack-based buffer overflow in the KeyStore Service. The issue is due to user-supplied input to the 'encode_key' function in the KeyStore service not being properly validated. This allows a local attacker to execute arbitrary code in the context of the application and to disclose sensitive information.", "cvss3": {"score": null, "vector": null}, "published": "2014-09-19T00:00:00", "type": "nessus", "title": "Google Android 4.3 KeyStore Service Local Stack-based Buffer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3100"], "modified": "2022-02-14T00:00:00", "cpe": ["cpe:/o:google:android"], "id": "GOOGLE_ANDROID_2014_3100.NBIN", "href": "https://www.tenable.com/plugins/nessus/77761", "sourceData": "Binary data google_android_2014_3100.nbin", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:10:26", "description": "The version of IBM WebSphere Portal installed on the remote host is affected by the multiple vulnerabilities :\n\n - Multiple vulnerabilities exist in the Apache Cordova component, including cross-application scripting, security bypass, and information disclosure.\n (CVE-2014-3500, CVE-2014-3501, CVE-2014-3502)\n\n - An information disclosure flaw exists that allows remote authenticated attackers to obtain credentials by reading HTML source code. (CVE-2014-4761)\n\n - An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808)\n\n - A flaw exists that is caused by improper recursion detection during entity expansion. By tricking a user into opening a specially-crafted XML document, an attacker can cause the system to crash, resulting in a denial of service. 
(CVE-2014-4814)\n\n - An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes.\n (CVE-2014-4821)\n\n - A flaw exists in CKEditor in the Preview plugin that allows a cross-site scripting attack. The flaw exists due to 'plugins/preview/preview.html' not properly validating user-supplied input before returning it to users. This allows an attacker to send a specially crafted request designed to steal cookie-based authentication credentials. (CVE-2014-5191)\n\n - A cross-site request forgery vulnerability exists due to improper validation of user-supplied input. By tricking a user into visiting a malicious website, a remote attacker can perform cross-site scripting attacks, web cache poisoning, and other malicious activities. (CVE-2014-6125)\n\n - A cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can execute code within a victim's web browser within the context of the hosted site. This can lead to the compromise of the user's cookie-based authentication credentials. 
(CVE-2014-6126)\n\n - An unspecified cross-site scripting vulnerability exists due to improper validation of user input.\n (CVE-2014-4762)", "cvss3": {"score": null, "vector": null}, "published": "2014-10-30T00:00:00", "type": "nessus", "title": "IBM WebSphere Portal 8.5.0 < 8.5.0 CF03 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3500", "CVE-2014-3501", "CVE-2014-3502", "CVE-2014-4761", "CVE-2014-4762", "CVE-2014-4808", "CVE-2014-4814", "CVE-2014-4821", "CVE-2014-5191", "CVE-2014-6125", "CVE-2014-6126", "CVE-2014-6215"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:ibm:websphere_portal"], "id": "WEBSPHERE_PORTAL_8_5_0_0_CF03.NASL", "href": "https://www.tenable.com/plugins/nessus/78742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78742);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2014-3500\",\n \"CVE-2014-3501\",\n \"CVE-2014-3502\",\n \"CVE-2014-4761\",\n \"CVE-2014-4808\",\n \"CVE-2014-4814\",\n \"CVE-2014-4821\",\n \"CVE-2014-5191\",\n \"CVE-2014-6125\",\n \"CVE-2014-6126\",\n \"CVE-2014-6215\"\n );\n script_bugtraq_id(\n 69038,\n 69041,\n 69046,\n 69161,\n 70322,\n 70755,\n 70756,\n 70757,\n 70758,\n 70759,\n 71728\n );\n\n script_name(english:\"IBM WebSphere Portal 8.5.0 < 8.5.0 CF03 Multiple Vulnerabilities\");\n script_summary(english:\"Checks for the installed patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has web portal software installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM WebSphere Portal installed on the remote host is\naffected by the multiple vulnerabilities :\n\n - Multiple vulnerabilities exist in the Apache Cordova\n component, 
including cross-application scripting,\n security bypass, and information disclosure.\n (CVE-2014-3500, CVE-2014-3501, CVE-2014-3502)\n\n - An information disclosure flaw exists that allows\n remote authenticated attackers to obtain credentials\n by reading HTML source code. (CVE-2014-4761)\n\n - An unspecified vulnerability exists that allows an\n authenticated attacker to execute arbitrary code on the\n system. (CVE-2014-4808)\n\n - A flaw exists that is caused by improper recursion\n detection during entity expansion. By tricking a user\n into opening a specially-crafted XML document, an\n attacker can cause the system to crash, resulting in a\n denial of service. (CVE-2014-4814)\n\n - An information disclosure vulnerability exists that\n allows a remote attacker to identify whether or not a\n file exists based on the web server error codes.\n (CVE-2014-4821)\n\n - A flaw exists in CKEditor in the Preview plugin that\n allows a cross-site scripting attack. The flaw exists\n due to 'plugins/preview/preview.html' not properly\n validating user-supplied input before returning it to\n users. This allows an attacker to send a specially\n crafted request designed to steal cookie-based\n authentication credentials. (CVE-2014-5191)\n\n - A cross-site request forgery vulnerability exists due\n to improper validation of user-supplied input. By\n tricking a user into visiting a malicious website, a\n remote attacker can perform cross-site scripting\n attacks, web cache poisoning, and other malicious\n activities. (CVE-2014-6125)\n\n - A cross-site scripting vulnerability exists due to\n improper validation of user-supplied input. A remote\n attacker can execute code within a victim's web browser\n within the context of the hosted site. This can lead to\n the compromise of the user's cookie-based authentication\n credentials. 
(CVE-2014-6126)\n\n - An unspecified cross-site scripting vulnerability exists\n due to improper validation of user input.\n (CVE-2014-4762)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21684649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21684651\");\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_cve_2014_4814_cve_2014_4808_cve_2014_4821_cve_2014_6125_cve_2014_6126?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e77e115\");\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ckeditor_that_affect_ibm_websphere_portal_cve_2014_5191?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60595c5b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21684650\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21684652\");\n # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_cve_2014_3083_cve_2014_4761?lang=en_us\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aa26251e\");\n script_set_attribute(attribute:\"solution\", value:\n\"IBM has published a cumulative fix (CF03) for WebSphere Portal 8.5.0.\nRefer to IBM's advisory for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n 
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_portal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_portal_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Portal\");\n\n exit(0);\n}\n\ninclude(\"websphere_portal_version.inc\");\n\nwebsphere_portal_check_version(\n ranges:make_list(\"8.5.0.0, 8.5.0.0\"),\n fix:\"CF03\",\n severity:SECURITY_WARNING,\n xss:TRUE,\n xsrf:TRUE\n);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "android": [{"lastseen": "2021-07-28T14:34:32", "description": "Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.", "edition": 3, "cvss3": {}, "published": "2014-06-23T00:00:00", "title": "keystore buffer", "type": "android", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3100"], "modified": "2014-07-17T00:00:00", "id": "ANDROID:KEYSTORE_BUFFER", "href": "http://www.androidvulnerabilities.org/vulnerabilities/keystore_buffer.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}]}