exploitDog

CVE-2015-0897

Опубликовано: 31 окт. 2023

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.

Ссылки

http://official-blog.line.me/ja/archives/24809761.html
Vendor Advisory
https://jvn.jp/en/jp/JVN41281927/
Third Party Advisory
http://official-blog.line.me/ja/archives/24809761.html
Vendor Advisory
https://jvn.jp/en/jp/JVN41281927/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:line:line:*:*:*:*:*:iphone_os:*:*

Версия до 5.0.0 (включая)

cpe:2.3:a:line:line:*:*:*:*:*:android:*:*

Версия до 5.0.2 (включая)

EPSS

Процентиль: 31%

0.00115

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-924

Связанные уязвимости

GHSA-9xm2-c28x-g93r

CVSS3: 5.9

github

больше 2 лет назад

LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.

EPSS

Процентиль: 31%

0.00115

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-924