Vulnerability Name:

CVE-2013-4873 (CCN-85823)

Assigned: 2013-07-16
Published: 2013-07-16
Updated: 2017-08-29
Summary: The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-255
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2013-4873

Source: OSVDB
Type: UNKNOWN
95374

Source: CCN
Type: SA54205
Tumblr for iOS Password Disclosure Security Issue

Source: CCN
Type: Tumblr Web site
Important security update for iPhone/iPad users

Source: CONFIRM
Type: Vendor Advisory
http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users

Source: CCN
Type: BID-61323
Tumblr for iOS Information Disclosure Vulnerability

Source: MISC
Type: UNKNOWN
http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/

Source: XF
Type: UNKNOWN
tumblr-unspecified-information-disclosure(85823)

Source: MISC
Type: Patch
https://itunes.apple.com/us/app/tumblr/id305343404

Source: CCN
Type: Tumblr for iOS Web Site
Tumblr for iOS

Vulnerable Configuration: Configuration 1:
  • cpe:/a:yahoo:tumblr:*:-:*:*:*:iphone_os:*:* (Version <= 3.4.0)

  • * Denotes that component is vulnerable