VAR-201704-0721
Vulnerability from variot - Updated: 2023-12-18 12:04The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Apple Music for Android is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. Versions prior to Apple Music 2.0 running on Android version 4.3 and later are vulnerable. The vulnerability stems from the fact that the program does not verify the X.509 certificate on the SSL server side.
Impact
An attacker who can perform a man in the middle attack may present bogus SSL certificates which the application will accept silently.
Timeline
August 5, 2016 - Notified Apple via product-security@apple.com August 5, 2016 - Apple sent an auto acknowledgment August 16, 2016 - Apple responded stating that they are investigating October 5, 2016 - Apple confirmed the vulnerability January 18, 2017 - Asked for a status update January 20, 2017 - Apple responded stating that they are still working on the issue April 4, 2017 - Apple released version 2.0.0 which resolves this vulnerability
Solution
Upgrade to version 2.0.0 or later
https://support.apple.com/en-us/HT207605 https://support.apple.com/en-us/HT201222
CVE-ID:
CVE-2017-2387 . This issue was addressed through improved certificate validation. CVE-2017-2387: David Coomber of Info-Sec.CA
Installation note:
Apple Music 2.0 for Android may be obtained from Google Play.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJY495eAAoJEIOj74w0bLRGVxwP/RCoUs/5c4PWbLKKMSIRqn/0 CQXJJsFW4IhR2ve9fyokQiYNNNRXkbz2hIj/veuv4mHfo9cq5iN4qdbktBQIiuCJ V3emDwGO8+thvJUJXZ5AMBz8lX0zEvqN1k2yIyk7lzqQQOzx0hIJASWX0B2oBB95 IsjbUmybVwRCL32Sn86RW9lVisfcchjwRMbYtoBORLqjLJOuQnTQzc91VdeSO4o/ pg0Am9OcumlhkeiEpu/RXBgnb7x7bx/KdFfQYEVDiyWmCxYJkDI96SDYuvu037f1 ZRL0hmmfgtMDjitVF2vAailMQkJ+JRaIkK/YW5sAUY+p6OdwRnOx+0ZQbrMfTFrK x8EdAo8v84HsEFToz7nRXy9tF3CLumWuSaOy6nJ7UKnFR6nXqqqXI6z7+M+HGcpY UVyspkBm9kYjLFz798tLCIUOdtIgURMkBTDIzrsAixaxDbUUrfgOxBwohh8gTE5X 1rucHpi5fK15SkCBndbRa2sDGnmNKP9MT0OL8DkRwQ06Owr5rn66emVc1vP26jK/ vvFwW5xRTdfXSTB5iU3QWwcDIlWu8D6sfMQAaPt1lSg0luvIUlAQGSiIfF92grOo PQfsZ8zUu1ghDefKxy7DfhUAlfjabM3c00p9mqjroFyQO//QiMnogGDDhC3oQx9V uOCp21cCIHCLiYFyhV2y =eJ3o -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0721",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "music",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "music",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.0 (android version 4.3 or later )\\u3000 confirmation required"
},
{
"model": "music",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.0"
},
{
"model": "music",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "music",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "music",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.0"
},
{
"model": "music",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "music",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "music",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0.9.11"
},
{
"model": "music",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0.9.1"
},
{
"model": "music",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "97390"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"db": "NVD",
"id": "CVE-2017-2387"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:apple_music:1.2.1:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2387"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Coomber of Info-Sec.CA",
"sources": [
{
"db": "BID",
"id": "97390"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2387",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-2387",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-110590",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-2387",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2387",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-317",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110590",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110590"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"db": "NVD",
"id": "CVE-2017-2387"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Apple Music for Android is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to obtain sensitive information that may lead to further attacks. \nVersions prior to Apple Music 2.0 running on Android version 4.3 and later are vulnerable. The vulnerability stems from the fact that the program does not verify the X.509 certificate on the SSL server side. \n\nImpact\n\nAn attacker who can perform a man in the middle attack may present\nbogus SSL certificates which the application will accept silently. \n\nTimeline\n\nAugust 5, 2016 - Notified Apple via product-security@apple.com\nAugust 5, 2016 - Apple sent an auto acknowledgment\nAugust 16, 2016 - Apple responded stating that they are investigating\nOctober 5, 2016 - Apple confirmed the vulnerability\nJanuary 18, 2017 - Asked for a status update\nJanuary 20, 2017 - Apple responded stating that they are still working\non the issue\nApril 4, 2017 - Apple released version 2.0.0 which resolves this vulnerability\n\nSolution\n\nUpgrade to version 2.0.0 or later\n\nhttps://support.apple.com/en-us/HT207605\nhttps://support.apple.com/en-us/HT201222\n\nCVE-ID:\n\nCVE-2017-2387\n. This issue was addressed through improved certificate\nvalidation. \nCVE-2017-2387: David Coomber of Info-Sec.CA\n\nInstallation note:\n\nApple Music 2.0 for Android may be obtained from Google Play. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCgAGBQJY495eAAoJEIOj74w0bLRGVxwP/RCoUs/5c4PWbLKKMSIRqn/0\nCQXJJsFW4IhR2ve9fyokQiYNNNRXkbz2hIj/veuv4mHfo9cq5iN4qdbktBQIiuCJ\nV3emDwGO8+thvJUJXZ5AMBz8lX0zEvqN1k2yIyk7lzqQQOzx0hIJASWX0B2oBB95\nIsjbUmybVwRCL32Sn86RW9lVisfcchjwRMbYtoBORLqjLJOuQnTQzc91VdeSO4o/\npg0Am9OcumlhkeiEpu/RXBgnb7x7bx/KdFfQYEVDiyWmCxYJkDI96SDYuvu037f1\nZRL0hmmfgtMDjitVF2vAailMQkJ+JRaIkK/YW5sAUY+p6OdwRnOx+0ZQbrMfTFrK\nx8EdAo8v84HsEFToz7nRXy9tF3CLumWuSaOy6nJ7UKnFR6nXqqqXI6z7+M+HGcpY\nUVyspkBm9kYjLFz798tLCIUOdtIgURMkBTDIzrsAixaxDbUUrfgOxBwohh8gTE5X\n1rucHpi5fK15SkCBndbRa2sDGnmNKP9MT0OL8DkRwQ06Owr5rn66emVc1vP26jK/\nvvFwW5xRTdfXSTB5iU3QWwcDIlWu8D6sfMQAaPt1lSg0luvIUlAQGSiIfF92grOo\nPQfsZ8zUu1ghDefKxy7DfhUAlfjabM3c00p9mqjroFyQO//QiMnogGDDhC3oQx9V\nuOCp21cCIHCLiYFyhV2y\n=eJ3o\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2387"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"db": "BID",
"id": "97390"
},
{
"db": "VULHUB",
"id": "VHN-110590"
},
{
"db": "PACKETSTORM",
"id": "142038"
},
{
"db": "PACKETSTORM",
"id": "142034"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2387",
"trust": 3.0
},
{
"db": "BID",
"id": "97390",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002443",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-317",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "142038",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142034",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-110590",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110590"
},
{
"db": "BID",
"id": "97390"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"db": "PACKETSTORM",
"id": "142038"
},
{
"db": "PACKETSTORM",
"id": "142034"
},
{
"db": "NVD",
"id": "CVE-2017-2387"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
]
},
"id": "VAR-201704-0721",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-110590"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:04:19.109000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "HT207605",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207605"
},
{
"title": "HT207605",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207605"
},
{
"title": "Apple Music for Android Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68930"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110590"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"db": "NVD",
"id": "CVE-2017-2387"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.info-sec.ca/advisories/apple-music.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97390"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207605"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2387"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-cve-2017-2387"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht207605 "
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht207605"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"trust": 0.1,
"url": "https://play.google.com/store/apps/details?id=com.apple.android.music)"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110590"
},
{
"db": "BID",
"id": "97390"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"db": "PACKETSTORM",
"id": "142038"
},
{
"db": "PACKETSTORM",
"id": "142034"
},
{
"db": "NVD",
"id": "CVE-2017-2387"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-110590"
},
{
"db": "BID",
"id": "97390"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"db": "PACKETSTORM",
"id": "142038"
},
{
"db": "PACKETSTORM",
"id": "142034"
},
{
"db": "NVD",
"id": "CVE-2017-2387"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110590"
},
{
"date": "2017-04-04T00:00:00",
"db": "BID",
"id": "97390"
},
{
"date": "2017-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"date": "2017-04-06T13:14:15",
"db": "PACKETSTORM",
"id": "142038"
},
{
"date": "2017-04-06T19:22:22",
"db": "PACKETSTORM",
"id": "142034"
},
{
"date": "2017-04-07T11:59:00.153000",
"db": "NVD",
"id": "CVE-2017-2387"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-110590"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97390"
},
{
"date": "2017-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002443"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-2387"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Android for Apple Music Application vulnerabilities impersonating servers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002443"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-317"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…