CVE-2013-4710 - Vulnerability Details - OpenCVE

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android

Configuration 1 [-]

OR	cpe:2.3:o:google:android:3.0:::::::*
	cpe:2.3:o:google:android:3.1:::::::*
	cpe:2.3:o:google:android:3.2:::::::*
	cpe:2.3:o:google:android:3.2.1:::::::*
	cpe:2.3:o:google:android:3.2.2:::::::*
	cpe:2.3:o:google:android:3.2.4:::::::*
	cpe:2.3:o:google:android:3.2.6:::::::*
	cpe:2.3:o:google:android:4.0:::::::*
	cpe:2.3:o:google:android:4.0.1:::::::*
	cpe:2.3:o:google:android:4.0.2:::::::*
	cpe:2.3:o:google:android:4.0.3:::::::*
	cpe:2.3:o:google:android:4.0.4:::::::*
	cpe:2.3:o:google:android:4.1:::::::*
	cpe:2.3:o:google:android:4.1.2:::::::*

No data.

References

Link	Providers
http://50.56.33.56/blog/?p=314
http://emobile.jp/products/sh/a01sh/systemsoftware.html
http://jvn.jp/en/jp/JVN53768697/113349/index.html
http://jvn.jp/en/jp/JVN53768697/397327/index.html
http://jvn.jp/en/jp/JVN53768697/995293/index.html
http://jvn.jp/en/jp/JVN53768697/995312/index.html
http://jvn.jp/en/jp/JVN53768697/995417/index.html
http://jvn.jp/en/jp/JVN53768697/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111
http://openwall.com/lists/oss-security/2014/02/18/11

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2014-03-03T02:00:00

Updated: 2024-08-06T16:52:27.233Z

Reserved: 2013-06-26T00:00:00

Link: CVE-2013-4710

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-03-03T04:50:46.237

Modified: 2024-11-21T01:56:07.053

Link: CVE-2013-4710

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-03T01:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://jvn.jp/en/jp/JVN53768697/113349/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://emobile.jp/products/sh/a01sh/systemsoftware.html"}, {"name": "JVN#53768697", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN53768697/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://jvn.jp/en/jp/JVN53768697/397327/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://jvn.jp/en/jp/JVN53768697/995312/index.html"}, {"name": "[oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/02/18/11"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://jvn.jp/en/jp/JVN53768697/995293/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://jvn.jp/en/jp/JVN53768697/995417/index.html"}, {"tags": ["x_refsource_MISC"], "url": "http://50.56.33.56/blog/?p=314"}, {"name": "JVNDB-2013-000111", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-4710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://jvn.jp/en/jp/JVN53768697/113349/index.html", "refsource": "CONFIRM", "url": "http://jvn.jp/en/jp/JVN53768697/113349/index.html"}, {"name": "http://emobile.jp/products/sh/a01sh/systemsoftware.html", "refsource": "CONFIRM", "url": "http://emobile.jp/products/sh/a01sh/systemsoftware.html"}, {"name": "JVN#53768697", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN53768697/index.html"}, {"name": "http://jvn.jp/en/jp/JVN53768697/397327/index.html", "refsource": "CONFIRM", "url": "http://jvn.jp/en/jp/JVN53768697/397327/index.html"}, {"name": "http://jvn.jp/en/jp/JVN53768697/995312/index.html", "refsource": "CONFIRM", "url": "http://jvn.jp/en/jp/JVN53768697/995312/index.html"}, {"name": "[oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/02/18/11"}, {"name": "http://jvn.jp/en/jp/JVN53768697/995293/index.html", "refsource": "CONFIRM", "url": "http://jvn.jp/en/jp/JVN53768697/995293/index.html"}, {"name": "http://jvn.jp/en/jp/JVN53768697/995417/index.html", "refsource": "CONFIRM", "url": "http://jvn.jp/en/jp/JVN53768697/995417/index.html"}, {"name": "http://50.56.33.56/blog/?p=314", "refsource": "MISC", "url": "http://50.56.33.56/blog/?p=314"}, {"name": "JVNDB-2013-000111", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:52:27.233Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN53768697/113349/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://emobile.jp/products/sh/a01sh/systemsoftware.html"}, {"name": "JVN#53768697", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN53768697/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN53768697/397327/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN53768697/995312/index.html"}, {"name": "[oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/02/18/11"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN53768697/995293/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN53768697/995417/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://50.56.33.56/blog/?p=314"}, {"name": "JVNDB-2013-000111", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-4710", "datePublished": "2014-03-03T02:00:00", "dateReserved": "2013-06-26T00:00:00", "dateUpdated": "2024-08-06T16:52:27.233Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6997F035-D2F5-4174-B979-5D42FF69D9AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1FD2E59-59BF-4611-B65B-A2981127CAC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "86BFE05E-9749-43AA-8DB6-E2F13C2E1759", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "48DCE4AD-D629-4F0B-AFA8-6CAD061D5FA6", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DAAB25F-26E4-4493-B3DA-F87240633031", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "96CD6B49-B9D4-493E-902D-B4EF48260BB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "FB73EBA4-A9BE-4C40-9E6D-649E89D2C3F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636."}, {"lang": "es", "value": "Android 3.0 hasta 4.1.x en Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, y otros dispositivos no implementa debidamente la clase WebView, lo que permite a atacantes remotos ejecutar m\u00e9todos arbitrarios de objetos Java o causar una denegaci\u00f3n de servicio (reinicio) a trav\u00e9s de una p\u00e1gina web manipulada, tal y como se demostr\u00f3 mediante el uso del m\u00e9todo WebView.addJavascriptInterface, un problema relacionado con CVE-2012-6636."}], "id": "CVE-2013-4710", "lastModified": "2024-11-21T01:56:07.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-03-03T04:50:46.237", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://50.56.33.56/blog/?p=314"}, {"source": "vultures@jpcert.or.jp", "url": "http://emobile.jp/products/sh/a01sh/systemsoftware.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN53768697/113349/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN53768697/397327/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN53768697/995293/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN53768697/995312/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN53768697/995417/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN53768697/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"}, {"source": "vultures@jpcert.or.jp", "url": "http://openwall.com/lists/oss-security/2014/02/18/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://50.56.33.56/blog/?p=314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://emobile.jp/products/sh/a01sh/systemsoftware.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN53768697/113349/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN53768697/397327/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN53768697/995293/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN53768697/995312/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN53768697/995417/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN53768697/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/02/18/11"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}