CVE-2014-0802

Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN88313872/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000001

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aokitaka:zip_with_pass_pro:6.2.2:-:-::-:android::*
	cpe:2.3:a:aokitaka:zip_with_pass_pro::-:-::-:android::
	cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.7:-:-::-:android::*
	cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.5:-:-::-:android::*
	cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.4:-:-::-:android::*
	cpe:2.3:a:aokitaka:zip_with_pass::-:-::-:android::
	cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.0:-:-::-:android::*
	cpe:2.3:a:aokitaka:zip_with_pass_pro:6.2.1:-:-::-:android::*

Information

Published : 2014-01-12 10:34

Updated : 2014-01-13 11:07

NVD link : CVE-2014-0802

Mitre link : CVE-2014-0802

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

Products Affected

aokitaka

zip_with_pass
zip_with_pass_pro

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://jvn.jp/en/jp/JVN88313872/index.html", "name": "JVN#88313872", "tags": [], "refsource": "JVN"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000001", "name": "JVNDB-2014-000001", "tags": [], "refsource": "JVNDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0802", "ASSIGNER": "vultures@jpcert.or.jp"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-01-12T18:34Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.2.2:-:-:*:-:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aokitaka:zip_with_pass_pro:*:-:-:*:-:android:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.3.8"}, {"cpe23Uri": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.7:-:-:*:-:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.5:-:-:*:-:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.4:-:-:*:-:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aokitaka:zip_with_pass:*:-:-:*:-:android:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.5.7"}, {"cpe23Uri": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.3.0:-:-:*:-:android:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aokitaka:zip_with_pass_pro:6.2.1:-:-:*:-:android:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-01-13T19:07Z"}