ID

VAR-201509-0496


CVE

CVE-2015-5633


TITLE

Auction Camera vulnerable to URL whitelist bypass

Trust: 0.8

sources: JVNDB: JVNDB-2015-000131

DESCRIPTION

The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS and Android built using "applican". Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. The Android version of this app may allow an applican API to be executed if that API has been granted permission in the Android manifest. The iOS version of this app may allow an arbitrary API to be executed. Newphoria Auction Camera for iOS and Android is a set of online video preview and recording applications based on iOS and Android platforms from Newphoria, Japan.

Trust: 1.71

sources: NVD: CVE-2015-5633 // JVNDB: JVNDB-2015-000131 // VULHUB: VHN-83594

AFFECTED PRODUCTS

vendor: newphoria, model: auction camera, scope: eq, version: -

Trust: 1.6

vendor: newphoria, model: auction camera, scope: lte, version: 1.1

Trust: 1.0

vendor: newphoria, model: auction camera, scope: lte, version: for android 1.1

Trust: 0.8

vendor: newphoria, model: auction camera, scope: eq, version: for ios

Trust: 0.8

vendor: newphoria, model: auction camera, scope: eq, version: 1.1

Trust: 0.6

sources: JVNDB: JVNDB-2015-000131 // CNNVD: CNNVD-201509-386 // NVD: CVE-2015-5633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5633
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2015-000131
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-386
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83594
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5633
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2015-000131
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-83594
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83594 // JVNDB: JVNDB-2015-000131 // CNNVD: CNNVD-201509-386 // NVD: CVE-2015-5633

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-83594 // JVNDB: JVNDB-2015-000131 // NVD: CVE-2015-5633

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-386

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201509-386

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-000131

PATCH

title: Information from Newphoria Corporation, url: http://jvn.jp/en/jp/JVN71815309/995707/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2015-000131

EXTERNAL IDS

db: NVD, id: CVE-2015-5633

Trust: 2.5

db: JVNDB, id: JVNDB-2015-000131

Trust: 2.5

db: JVN, id: JVN71815309

Trust: 2.5

db: CNNVD, id: CNNVD-201509-386

Trust: 0.7

db: VULHUB, id: VHN-83594

Trust: 0.1

sources: VULHUB: VHN-83594 // JVNDB: JVNDB-2015-000131 // CNNVD: CNNVD-201509-386 // NVD: CVE-2015-5633

REFERENCES

url:http://jvn.jp/en/jp/jvn71815309/index.html

Trust: 2.5

url:http://jvn.jp/en/jp/jvn71815309/995707/index.html

Trust: 1.7

url:http://jvndb.jvn.jp/jvndb/jvndb-2015-000131

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5633

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5633

Trust: 0.8

sources: VULHUB: VHN-83594 // JVNDB: JVNDB-2015-000131 // CNNVD: CNNVD-201509-386 // NVD: CVE-2015-5633

SOURCES

db: VULHUB, id: VHN-83594
db: JVNDB, id: JVNDB-2015-000131
db: CNNVD, id: CNNVD-201509-386
db: NVD, id: CVE-2015-5633

LAST UPDATE DATE

2025-04-13T23:39:37.441000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-83594, date: 2015-09-23T00:00:00
db: JVNDB, id: JVNDB-2015-000131, date: 2015-09-16T00:00:00
db: CNNVD, id: CNNVD-201509-386, date: 2015-09-24T00:00:00
db: NVD, id: CVE-2015-5633, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-83594, date: 2015-09-20T00:00:00
db: JVNDB, id: JVNDB-2015-000131, date: 2015-09-16T00:00:00
db: CNNVD, id: CNNVD-201509-386, date: 2015-09-22T00:00:00
db: NVD, id: CVE-2015-5633, date: 2015-09-20T17:59:01.413