CVE-2014-0809 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gapless Player	Simzip

Configuration 1 [-]

OR	cpe:2.3:a:gapless_player:simzip::::::::
	cpe:2.3:a:gapless_player:simzip:1.1:::::::*

No data.

References

Link	Providers
http://jvn.jp/en/jp/JVN49384502/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008
https://exchange.xforce.ibmcloud.com/vulnerabilities/90980
https://play.google.com/store/apps/details?id=com.acidzazz.simzip

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2014-01-24T15:00:00

Updated: 2024-08-06T09:27:20.217Z

Reserved: 2014-01-06T00:00:00

Link: CVE-2014-0809

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-01-24T15:08:00.827

Modified: 2024-11-21T02:02:49.940

Link: CVE-2014-0809

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVN#49384502", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN49384502/index.html"}, {"name": "JVNDB-2014-000008", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008"}, {"name": "simple-zip-cve20140809-dir-traversal(90980)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90980"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://play.google.com/store/apps/details?id=com.acidzazz.simzip"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-0809", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVN#49384502", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN49384502/index.html"}, {"name": "JVNDB-2014-000008", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008"}, {"name": "simple-zip-cve20140809-dir-traversal(90980)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90980"}, {"name": "https://play.google.com/store/apps/details?id=com.acidzazz.simzip", "refsource": "CONFIRM", "url": "https://play.google.com/store/apps/details?id=com.acidzazz.simzip"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:20.217Z"}, "title": "CVE Program Container", "references": [{"name": "JVN#49384502", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN49384502/index.html"}, {"name": "JVNDB-2014-000008", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008"}, {"name": "simple-zip-cve20140809-dir-traversal(90980)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90980"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://play.google.com/store/apps/details?id=com.acidzazz.simzip"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-0809", "datePublished": "2014-01-24T15:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.217Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gapless_player:simzip:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE00EE20-D595-40C3-A694-FB3E55B3DCD0", "versionEndIncluding": "1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gapless_player:simzip:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6C46979-B971-4E2A-AA7E-4509D88C45F4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la aplicaci\u00f3n Gapless Player SimZip (tambi\u00e9n conocida como Simple Zip Viewer) anterior a v1.2.1 para Android permite a atacantes remotos sobrescribir o crear ficheros arbritrarios a trav\u00e9s nombres manipulados de ficheros."}], "id": "CVE-2014-0809", "lastModified": "2024-11-21T02:02:49.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-24T15:08:00.827", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN49384502/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008"}, {"source": "vultures@jpcert.or.jp", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90980"}, {"source": "vultures@jpcert.or.jp", "url": "https://play.google.com/store/apps/details?id=com.acidzazz.simzip"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN49384502/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90980"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://play.google.com/store/apps/details?id=com.acidzazz.simzip"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}