Lucene search

JpcertCVE-2012-1249

HistoryMay 21, 2012 - 8:55 p.m.

CVE-2012-1249

2012-05-2120:55:18

CWE-200

jpcert

web.nvd.nist.gov

ilunascape

android

webview

security vulnerability

sensitive information

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

74.9%

JSON

The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application.

Affected configurations

Nvd

Node

lunascapeilunascape_androidRange≤1.0.4.0

AND

googleandroid

VendorProductVersionCPE
lunascapeilunascape_android*cpe:2.3:a:lunascape:ilunascape_android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lunascape	ilunascape_android	*	cpe:2.3:a:lunascape:ilunascape_android::::::::
google	android	*	cpe:2.3:o:google:android::::::::

References

jvn.jp/en/jp/JVN86044443/index.html

jvndb.jvn.jp/jvndb/JVNDB-2012-000044

osvdb.org/82035

secunia.com/advisories/49253

www.securityfocus.com/bid/53619

play.google.com/store/apps/details?id=jp.co.lunascape.android.ilunascape

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

74.9%

JSON

Related for CVE-2012-1249