admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-22xx/CVE-2017-2278.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

154 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-2278",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2017-08-02T16:29:00.317",
"lastModified": "2017-08-04T18:05:36.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
},
{
"lang": "es",
"value": "Las versiones 2.0.3 y anteriores de la aplicaci\u00f3n RBB SPEED TEST App para Android, as\u00ed como las versiones 2.1.0 y anteriores para iOS no verifican certificados X.509 desde servidores SSL. Esto permite a los atacantes que realicen Man-in-the-Middle (MitM) suplantar servidores y obtener informaci\u00f3n sensible utilizando un certificado manipulado."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iid:rbb_speed_test:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67143102-14B0-45F9-8C6E-66733446CC46"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "C53B5958-BCDB-4D35-923F-1F997B1ABC8C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iid:rbb_speed_test:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67143102-14B0-45F9-8C6E-66733446CC46"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1",
"matchCriteriaId": "49BAE6ED-890F-49BC-A54C-5E5C71899F8A"
}
]
}
]
}
],
"references": [
{
"url": "http://www.iid.co.jp/information/170714.html",
"source": "vultures@jpcert.or.jp",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
{
"url": "https://jvn.jp/en/jp/JVN24238648/index.html",
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink