CVE-2010-4804

2011-06-0910:36:27

CWE-200

[email protected]

web.nvd.nist.gov

android

browser

vulnerability

cve-2010-4804

security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.097 Low

EPSS

Percentile

94.8%

JSON

The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

Affected configurations

NVD

Node

googleandroidRange≤2.3.3

googleandroidMatch1.5

googleandroidMatch1.6

googleandroidMatch2.1

googleandroidMatch2.2

googleandroidMatch2.2rev1

googleandroidMatch2.2.1

googleandroidMatch2.2.2

googleandroidMatch2.3rev1

CPENameOperatorVersion
google:androidgoogle androidle2.3.3
google:androidgoogle androideq1.5
google:androidgoogle androideq1.6
google:androidgoogle androideq2.1
google:androidgoogle androideq2.2
google:androidgoogle androideq2.2.1
google:androidgoogle androideq2.2.2
google:androidgoogle androideq2.3

CPE	Name	Operator	Version
google:android	google android	le	2.3.3
google:android	google android	eq	1.5
google:android	google android	eq	1.6
google:android	google android	eq	2.1
google:android	google android	eq	2.2
google:android	google android	eq	2.2.1
google:android	google android	eq	2.2.2
google:android	google android	eq	2.3