An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015).
References
Link | Resource |
---|---|
https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory |
Configurations
Information
Published : 2020-04-10 12:15
Updated : 2020-04-13 08:31
NVD link : CVE-2015-9546
Mitre link : CVE-2015-9546
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
- android