CVE-2014-0803 - OpenCVE

Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Yuichiro Okuyama	Tetra Filer Tetra Filer Free

Configuration 1 [-]

AND

OR	cpe:2.3:a:yuichiro_okuyama:tetra_filer::-:-::-:android::
	cpe:2.3:a:yuichiro_okuyama:tetra_filer_free::-:-::-:android::

OR	cpe:2.3:o:google:android:4.0:::::::*
	cpe:2.3:o:google:android:4.0.1:::::::*
	cpe:2.3:o:google:android:4.0.2:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:yuichiro_okuyama:tetra_filer::-:-::-:android::
	cpe:2.3:a:yuichiro_okuyama:tetra_filer_free::-:-::-:android::

cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://jvn.jp/en/jp/JVN51285738/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002
https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app
https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2014-01-12T15:00:00

Updated: 2024-08-06T09:27:19.643Z

Reserved: 2014-01-06T00:00:00

Link: CVE-2014-0803

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-01-12T18:34:56.033

Modified: 2014-01-13T19:47:08.617

Link: CVE-2014-0803

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-12T15:57:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVNDB-2014-000002", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free"}, {"name": "JVN#51285738", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN51285738/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-0803", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVNDB-2014-000002", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002"}, {"name": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free", "refsource": "CONFIRM", "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free"}, {"name": "JVN#51285738", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN51285738/index.html"}, {"name": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app", "refsource": "CONFIRM", "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.643Z"}, "title": "CVE Program Container", "references": [{"name": "JVNDB-2014-000002", "tags": ["third-party-advisory", "x_refsource_JVNDB", "x_transferred"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free"}, {"name": "JVN#51285738", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN51285738/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-0803", "datePublished": "2014-01-12T15:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:19.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yuichiro_okuyama:tetra_filer:*:-:-:*:-:android:*:*", "matchCriteriaId": "C5B81D18-1DD4-4AC0-A078-F5438BFAFF32", "versionEndIncluding": "1.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:yuichiro_okuyama:tetra_filer_free:*:-:-:*:-:android:*:*", "matchCriteriaId": "92C962E7-FDB2-4166-A1FB-EABAB54E5E2E", "versionEndIncluding": "1.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yuichiro_okuyama:tetra_filer:*:-:-:*:-:android:*:*", "matchCriteriaId": "1BDC0DF4-9B9D-46BB-907B-907A348C3DA6", "versionEndIncluding": "2.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:yuichiro_okuyama:tetra_filer_free:*:-:-:*:-:android:*:*", "matchCriteriaId": "C9C6AFC9-9CA7-4CE2-8A52-CD2B5499321E", "versionEndIncluding": "2.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorios en la aplicaci\u00f3n tetra filer 2.3.1 y anteriores para Android 4.0.3, tetra filer free 2.3.1 y anteriores para Android 4.0.3, tetra filer 1.5.1 y anteriores para Android anteriores a 4.0.3, y tetra filer free 1.5.1 y anteriores para Android adteriores a 4.0.3 permite a atacantes sobreescribir o crear archivos de forma arbitraria a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-0803", "lastModified": "2014-01-13T19:47:08.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-12T18:34:56.033", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN51285738/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002"}, {"source": "vultures@jpcert.or.jp", "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app"}, {"source": "vultures@jpcert.or.jp", "url": "https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}