Vulnerability Name: | CVE-2011-0680 (CCN-65125) | ||||||||
Assigned: | 2011-01-31 | ||||||||
Published: | 2011-01-31 | ||||||||
Updated: | 2017-08-17 | ||||||||
Summary: | data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: CONFIRM Type: Patch http://android.git.kernel.org/?p=platform/packages/apps/Mms.git;a=commit;h=18d6b7e9d2e538fb3c0264332b96c02abf367267 Source: MISC Type: Patch http://android.git.kernel.org/?p=platform/packages/apps/Mms.git;a=commit;h=4d26623ce82230e8e7009adb921c5edea370a9e0 Source: CONFIRM Type: UNKNOWN http://code.google.com/p/android/issues/detail?id=9392#c1460 Source: CONFIRM Type: UNKNOWN http://code.google.com/p/android/issues/detail?id=9392#c1620 Source: MITRE Type: CNA CVE-2011-0680 Source: MISC Type: UNKNOWN http://phandroid.com/2011/01/21/android-2-3-2-update-pushing-to-nexus-s-phone-fixes-sms-bug/ Source: MISC Type: UNKNOWN http://twitter.com/GalaxySsupport/statuses/28078194607263744 Source: MISC Type: UNKNOWN http://www.engadget.com/2011/01/22/nexus-one-gets-tiny-update-to-android-2-2-2-probably-fixes-sms/ Source: MISC Type: UNKNOWN http://www.htcphones.net/nexus-one-update-to-android-2-2-2/ Source: CCN Type: Open Handset Alliance Web site Android Source: CCN Type: OSVDB ID: 70744 Google Android Mms Application data/WorkingMessage.java Draft Cache SMS Message Remote Disclosure Source: MISC Type: UNKNOWN http://www.samsunghub.com/2011/01/22/nexus-s-gets-android-2-3-2-fixes-sms-bug/ Source: BID Type: UNKNOWN 46105 Source: CCN Type: BID-46105 Open Handset Alliance Android 'data/WorkingMessage.java' Information Disclosure Vulnerability Source: MISC Type: Patch http://www.theinquirer.net/inquirer/news/1939386/google-updates-nexus-android-222 Source: XF Type: UNKNOWN android-workingmessage-info-disclosure(65125) Source: XF Type: UNKNOWN android-workingmessage-info-disclosure(65125) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |