VAR-201408-0035
Vulnerability from variot - Updated: 2023-12-18 12:57LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. LINE is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. NHN PlayArt LINE is a set of instant chat software developed by Japan NHN PlayArt Company. The software supports free calls, sending text messages and more. There are security vulnerabilities in NHN PlayArt LINE 3.2.1.83 and earlier versions based on Windows platform and NHN PlayArt LINE 3.2.1 and earlier versions based on OS X platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "line",
"scope": "lte",
"trust": 1.0,
"vendor": "linecorp",
"version": "3.2.1.83"
},
{
"model": "line",
"scope": "lte",
"trust": 1.0,
"vendor": "linecorp",
"version": "3.2.1"
},
{
"model": "line",
"scope": "lte",
"trust": 0.8,
"vendor": "line",
"version": "3.2.1 (mac os x)"
},
{
"model": "line",
"scope": "lte",
"trust": 0.8,
"vendor": "line",
"version": "3.2.1.83 (windows)"
},
{
"model": "line",
"scope": "eq",
"trust": 0.6,
"vendor": "linecorp",
"version": "3.2.1.83"
},
{
"model": "line",
"scope": "eq",
"trust": 0.6,
"vendor": "linecorp",
"version": "3.2.1"
},
{
"model": "line",
"scope": "eq",
"trust": 0.3,
"vendor": "line",
"version": "3.2.1.83"
},
{
"model": "line",
"scope": "eq",
"trust": 0.3,
"vendor": "line",
"version": "3.2.1"
}
],
"sources": [
{
"db": "BID",
"id": "69336"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"db": "NVD",
"id": "CVE-2013-7144"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:linecorp:line:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.1.83",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:linecorp:line:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7144"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nu Sub Kittikul",
"sources": [
{
"db": "BID",
"id": "69336"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7144",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-7144",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-67146",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7144",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-261",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-67146",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67146"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"db": "NVD",
"id": "CVE-2013-7144"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. LINE is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. NHN PlayArt LINE is a set of instant chat software developed by Japan NHN PlayArt Company. The software supports free calls, sending text messages and more. There are security vulnerabilities in NHN PlayArt LINE 3.2.1.83 and earlier versions based on Windows platform and NHN PlayArt LINE 3.2.1 and earlier versions based on OS X platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7144"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"db": "BID",
"id": "69336"
},
{
"db": "VULHUB",
"id": "VHN-67146"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7144",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006631",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-261",
"trust": 0.7
},
{
"db": "BID",
"id": "69336",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-67146",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67146"
},
{
"db": "BID",
"id": "69336"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"db": "NVD",
"id": "CVE-2013-7144"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
]
},
"id": "VAR-201408-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67146"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:57:56.401000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://linecorp.com/"
},
{
"title": "Line_2014_325.1395901470",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51682"
},
{
"title": "LineInst3.6.0.32.1402034880",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51681"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67146"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"db": "NVD",
"id": "CVE-2013-7144"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.thaicert.or.th/papers/general/2013/pa2013ge010.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7144"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7144"
},
{
"trust": 0.3,
"url": "http://line.me/en/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67146"
},
{
"db": "BID",
"id": "69336"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"db": "NVD",
"id": "CVE-2013-7144"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67146"
},
{
"db": "BID",
"id": "69336"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"db": "NVD",
"id": "CVE-2013-7144"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-67146"
},
{
"date": "2013-12-20T00:00:00",
"db": "BID",
"id": "69336"
},
{
"date": "2014-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"date": "2014-08-16T04:39:55.613000",
"db": "NVD",
"id": "CVE-2013-7144"
},
{
"date": "2014-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-67146"
},
{
"date": "2013-12-20T00:00:00",
"db": "BID",
"id": "69336"
},
{
"date": "2014-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006631"
},
{
"date": "2014-08-18T14:51:08.033000",
"db": "NVD",
"id": "CVE-2013-7144"
},
{
"date": "2014-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows and Mac OS X Run on LINE Vulnerable to server impersonation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006631"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-261"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…