CVE-2014-0803 - OpenCVE

Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Yuichiro Okuyama	Tetra Filer Tetra Filer Free
Google	Android

Configuration 1 [-]

AND

OR	cpe:2.3:a:yuichiro_okuyama:tetra_filer::-:-::-:android::
	cpe:2.3:a:yuichiro_okuyama:tetra_filer_free::-:-::-:android::

OR	cpe:2.3:o:google:android:4.0:::::::*
	cpe:2.3:o:google:android:4.0.1:::::::*
	cpe:2.3:o:google:android:4.0.2:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:yuichiro_okuyama:tetra_filer::-:-::-:android::
	cpe:2.3:a:yuichiro_okuyama:tetra_filer_free::-:-::-:android::

cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*

References

Link	Resource
http://jvn.jp/en/jp/JVN51285738/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002
https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app
https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2014-01-12T15:00:00

Updated: 2014-01-12T15:57:00

Reserved: 2014-01-06T00:00:00

Link: CVE-2014-0803

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-01-12T18:34:56.033

Modified: 2014-01-13T19:47:08.617

Link: CVE-2014-0803

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-12T15:57:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVNDB-2014-000002", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free"}, {"name": "JVN#51285738", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN51285738/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-0803", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVNDB-2014-000002", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002"}, {"name": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free", "refsource": "CONFIRM", "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free"}, {"name": "JVN#51285738", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN51285738/index.html"}, {"name": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app", "refsource": "CONFIRM", "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-0803", "datePublished": "2014-01-12T15:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2014-01-12T15:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yuichiro_okuyama:tetra_filer:*:-:-:*:-:android:*:*", "matchCriteriaId": "C5B81D18-1DD4-4AC0-A078-F5438BFAFF32", "versionEndIncluding": "1.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:yuichiro_okuyama:tetra_filer_free:*:-:-:*:-:android:*:*", "matchCriteriaId": "92C962E7-FDB2-4166-A1FB-EABAB54E5E2E", "versionEndIncluding": "1.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yuichiro_okuyama:tetra_filer:*:-:-:*:-:android:*:*", "matchCriteriaId": "1BDC0DF4-9B9D-46BB-907B-907A348C3DA6", "versionEndIncluding": "2.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:yuichiro_okuyama:tetra_filer_free:*:-:-:*:-:android:*:*", "matchCriteriaId": "C9C6AFC9-9CA7-4CE2-8A52-CD2B5499321E", "versionEndIncluding": "2.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorios en la aplicaci\u00f3n tetra filer 2.3.1 y anteriores para Android 4.0.3, tetra filer free 2.3.1 y anteriores para Android 4.0.3, tetra filer 1.5.1 y anteriores para Android anteriores a 4.0.3, y tetra filer free 1.5.1 y anteriores para Android adteriores a 4.0.3 permite a atacantes sobreescribir o crear archivos de forma arbitraria a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-0803", "lastModified": "2014-01-13T19:47:08.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-12T18:34:56.033", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN51285738/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002"}, {"source": "vultures@jpcert.or.jp", "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app"}, {"source": "vultures@jpcert.or.jp", "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}