CVE-2016-2567

{"id": "CVE-2016-2567", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2017-04-13T16:59:01.143", "references": [{"url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an \"exceptional URL\" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL."}, {"lang": "es", "value": "secfilter en el kernel de Samsung para Android en dispositivos SM-N9005 build N9005XXUGBOB6 (Note 3) y SM-G920F build G920FXXU2COH2 (Galaxy S6) permiten a los atacantes pasar por alto el filtrado de URL insertando una \"URL excepcional\" en la cadena de consulta, como lo demuestra el Http://should-have-been-filtered.example.com/?http://google.com URL."}], "lastModified": "2024-11-21T02:48:43.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03F1AFDE-A42D-4B25-8081-1BBA0319A138"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B1A9C49-9E9E-4BD8-9AF2-3C1C281F82C5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B148CE20-A498-4F1E-9C2D-C38F9F15292D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}