ID

VAR-201310-0669


TITLE

Multiple Directory Traversal Vulnerabilities in Bluetooth U 'New Folder - Index' Module

Trust: 0.6

sources: CNVD: CNVD-2013-13878

DESCRIPTION

Bluetooth U ensures the synchronization of file transfers between devices without restricting file types. The Bluetooth U v1.2.0 iOS mobile app (Apple iOS - iPad & iPhone) has multiple local directory traversal and file inclusion vulnerabilities. Bluetooth U is a set of Bluetooth connection software that supports file transfer, file sharing, local file management, and more. A directory traversal vulnerability exists in the New Folder - Index module of Bluetooth U, which stems from the program's insufficient filtering of user-submitted input. A remote attacker could exploit this vulnerability by sending a request that contains directory traversal sequences to retrieve arbitrary local files in the application context. Bluetooth U 1.2.0 is vulnerable; other versions may also be affected. Bluetooth U is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Information obtained could aid in further attacks.

Trust: 1.35

sources: CNVD: CNVD-2013-13878 // CNNVD: CNNVD-201310-485 // BID: 63194

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13878

AFFECTED PRODUCTS

vendor: apple, model: bluetooth u, scope: eq, version: 1.2.0

Trust: 0.6

sources: CNVD: CNVD-2013-13878

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-13878
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-13878
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-13878

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-485

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201310-485

EXTERNAL IDS

db: BID, id: 63194

Trust: 1.5

db: CNVD, id: CNVD-2013-13878

Trust: 0.6

db: CNNVD, id: CNNVD-201310-485

Trust: 0.6

sources: CNVD: CNVD-2013-13878 // BID: 63194 // CNNVD: CNNVD-201310-485

REFERENCES

url: http://seclists.org/bugtraq/2013/oct/81

Trust: 0.6

url: http://www.vulnerability-lab.com/get_content.php?id=1111

Trust: 0.6

url: http://www.securityfocus.com/bid/63194

Trust: 0.6

url: https://itunes.apple.com/de/app/bluetooth-u-share-files-photo/id526268815

Trust: 0.3

url: http://seclists.org/fulldisclosure/2013/oct/126

Trust: 0.3

sources: CNVD: CNVD-2013-13878 // BID: 63194 // CNNVD: CNNVD-201310-485

CREDITS

Benjamin Kunz Mejri

Trust: 0.9

sources: BID: 63194 // CNNVD: CNNVD-201310-485

SOURCES

db: CNVD, id: CNVD-2013-13878
db: BID, id: 63194
db: CNNVD, id: CNNVD-201310-485

LAST UPDATE DATE

2022-05-17T02:03:22.710000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-13878, date: 2013-10-23T00:00:00
db: BID, id: 63194, date: 2013-10-17T00:00:00
db: CNNVD, id: CNNVD-201310-485, date: 2013-10-22T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-13878, date: 2013-10-23T00:00:00
db: BID, id: 63194, date: 2013-10-17T00:00:00
db: CNNVD, id: CNNVD-201310-485, date: 2013-10-22T00:00:00