Vulnerability Name: CVE-2013-4710 (CCN-90998)
Assigned: 2013-06-26
Published: 2014-02-07
Updated: 2014-03-10
Summary: Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
  6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:
  Source: MISC Type: UNKNOWN http://50.56.33.56/blog/?p=314
  Source: CCN Type: Google Web site Android
  Source: MITRE Type: CNA CVE-2013-4710
  Source: CONFIRM Type: UNKNOWN http://emobile.jp/products/sh/a01sh/systemsoftware.html
  Source: CONFIRM Type: UNKNOWN http://jvn.jp/en/jp/JVN53768697/113349/index.html
  Source: CONFIRM Type: UNKNOWN http://jvn.jp/en/jp/JVN53768697/397327/index.html
  Source: CONFIRM Type: UNKNOWN http://jvn.jp/en/jp/JVN53768697/995293/index.html
  Source: CONFIRM Type: UNKNOWN http://jvn.jp/en/jp/JVN53768697/995312/index.html
  Source: CONFIRM Type: UNKNOWN http://jvn.jp/en/jp/JVN53768697/995417/index.html
  Source: JVN Type: UNKNOWN JVN#53768697
  Source: JVNDB Type: UNKNOWN JVNDB-2013-000111
  Source: MLIST Type: UNKNOWN [oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean
  Source: CCN Type: BID-62512 Google Android WebView Remote Security Bypass Vulnerability
  Source: XF Type: UNKNOWN google-android-cve20134710-code-exec(90998)
  Source: CCN Type: Packet Storm Security [02-07-2014] Android Browser / WebView addJavascriptInterface Code Execution
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [02-07-2014]
Vulnerable Configuration: Configuration 1: Configuration CCN 1: