PT-2016-1717 · Google+1 · Android+1
Richard Shupak
·
Publicado
2016-04-18
·
Atualizado
2016-04-21
·
CVE-2016-2415
CVSS v2.0
7.1
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Android versions 5.0.x through 5.0.1
Android versions 5.1.x through 5.1.0
Android versions 6.x before 2016-04-01
Description
The issue is related to the Autodiscover implementation in Exchange ActiveSync, where the
exchange/eas/EasAutoDiscover.java function lacks protection of service data. This allows attackers to obtain sensitive information via a crafted application that triggers a spoofed response to a GET request.Recommendations
For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later.
For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later.
For Android versions 6.x before 2016-04-01, ensure that updates after 2016-04-01 are applied.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android
Exchange Activesync