ID
VAR-201107-0324
TITLE
Android HTC FTP Service Directory Traversal Vulnerability
Trust: 0.6
DESCRIPTION
HTC is a popular smartphone. A directory traversal vulnerability exists in the Bluetooth OBEX FTP service provided by HTC devices running on the Android 2.1 and Android 2.2 platforms. This vulnerability allows remote authenticated attackers to submit arbitrary directory paths and read arbitrary files by submitting ../ pathname requests. Exploiting this issue allows an attacker to read or download arbitrary files from locations outside the application's current directory and obtain sensitive information. Other attacks may also be possible.
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | htc | model: | aria | scope: | - | version: | - | Trust: 0.6 |
| vendor: | htc | model: | desire hd | scope: | - | version: | - | Trust: 0.6 |
| vendor: | htc | model: | wildfire | scope: | - | version: | - | Trust: 0.6 |
| vendor: | htc | model: | wildfire | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | htc | model: | desire hd | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | htc | model: | aria | scope: | eq | version: | 0 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 48821 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2011-2825 | Trust: 0.6 |
REFERENCES
| url: | http://www.seguridadmobile.com/android/android-security/htc-android-obex-ftp-service-directory-traversal.html | Trust: 0.9 |
| url: | http://www.htc.com/www/ | Trust: 0.3 |
CREDITS
Alberto Moreno Tablado
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2011-2825 |
| db: | BID | id: | 48821 |
LAST UPDATE DATE
2022-05-17T02:01:21.551000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2011-2825 | date: | 2011-07-22T00:00:00 |
| db: | BID | id: | 48821 | date: | 2011-07-20T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2011-2825 | date: | 2011-07-22T00:00:00 |
| db: | BID | id: | 48821 | date: | 2011-07-20T00:00:00 |