Lucene search

[email protected]CVE-2013-4873

HistoryJul 18, 2013 - 4:51 p.m.

CVE-2013-4873

2013-07-1816:51:40

CWE-255

[email protected]

web.nvd.nist.gov

yahoo

tumblr

ios

cleartext credentials

sensitive information

cve-2013-4873

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.8%

JSON

The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected configurations

NVD

Node

yahootumblrRange≤3.4.0-iphone_os

CPENameOperatorVersion
yahoo:tumblryahoo tumblrle3.4.0

CPE	Name	Operator	Version
yahoo:tumblr	yahoo tumblr	le	3.4.0

References

osvdb.org/95374

staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users

www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/

exchange.xforce.ibmcloud.com/vulnerabilities/85823

itunes.apple.com/us/app/tumblr/id305343404

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.8%

JSON

Related for CVE-2013-4873

prion1 nvd1 cvelist1