Sign-up

ID

VAR-201309-0417


CVE

CVE-2013-5157


TITLE

Apple iOS of Twitter Vulnerability to post tweets in subsystem

Trust: 0.8

sources: JVNDB: JVNDB-2013-004248

DESCRIPTION

The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a security-bypass vulnerability. Successful exploits may allow attackers to bypass sandbox security restrictions and perform unauthorized actions. Note: This issue was previously covered in BID 62491 (Apple iPhone/iPad/iPod touch Prior to iOS 7 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2013-5157 // JVNDB: JVNDB-2013-004248 // BID: 62555 // VULHUB: VHN-65159

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:6.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:7 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (iphone 4 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:7

Trust: 0.3

sources: BID: 62555 // JVNDB: JVNDB-2013-004248 // CNNVD: CNNVD-201309-343 // NVD: CVE-2013-5157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5157
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5157
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-343
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65159
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5157
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65159
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65159 // JVNDB: JVNDB-2013-004248 // CNNVD: CNNVD-201309-343 // NVD: CVE-2013-5157

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-65159 // JVNDB: JVNDB-2013-004248 // NVD: CVE-2013-5157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-343

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-343

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004248

PATCH
title:APPLE-SA-2013-09-18-2url:http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004248

EXTERNAL IDS
db:NVDid:CVE-2013-5157
Trust: 2.8
db:SECTRACKid:1029054
Trust: 1.1
db:SECUNIAid:54886
Trust: 1.1
db:JVNid:JVNVU98681940
Trust: 0.8
db:JVNDBid:JVNDB-2013-004248
Trust: 0.8
db:CNNVDid:CNNVD-201309-343
Trust: 0.7
db:APPLEid:APPLE-SA-2013-09-18-2
Trust: 0.6
db:BIDid:62555
Trust: 0.4
db:VULHUBid:VHN-65159
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65159 // 
            
            
            
            BID: 62555 // 
            
            
            
            JVNDB: JVNDB-2013-004248 // 
            
            
            
            CNNVD: CNNVD-201309-343 // 
            
            
            
            NVD: CVE-2013-5157

REFERENCES
url:http://support.apple.com/kb/ht5934
Trust: 2.0
url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html
Trust: 1.7
url:http://www.securitytracker.com/id/1029054
Trust: 1.1
url:http://secunia.com/advisories/54886
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5157
Trust: 0.8
url:http://jvn.jp/cert/jvnvu98681940/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5157
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65159 // 
            
            
            
            BID: 62555 // 
            
            
            
            JVNDB: JVNDB-2013-004248 // 
            
            
            
            CNNVD: CNNVD-201309-343 // 
            
            
            
            NVD: CVE-2013-5157

CREDITS
Jin Han of Institute for Infocomm Research, Qiang Yan and Su Mon Kywe of Singapore Management University, and Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee of Georgia Institute of Technology
Trust: 0.3
sources:
            
            
            BID: 62555

SOURCES
db:VULHUBid:VHN-65159
db:BIDid:62555
db:JVNDBid:JVNDB-2013-004248
db:CNNVDid:CNNVD-201309-343
db:NVDid:CVE-2013-5157

LAST UPDATE DATE
2025-04-11T22:31:59.712000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65159date:2013-10-22T00:00:00
db:BIDid:62555date:2013-09-18T00:00:00
db:JVNDBid:JVNDB-2013-004248date:2013-10-24T00:00:00
db:CNNVDid:CNNVD-201309-343date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5157date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65159date:2013-09-19T00:00:00
db:BIDid:62555date:2013-09-18T00:00:00
db:JVNDBid:JVNDB-2013-004248date:2013-09-24T00:00:00
db:CNNVDid:CNNVD-201309-343date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5157date:2013-09-19T10:28:01.070