Search
Find a vulnerability
Search criteria
6 vulnerabilities found for 6131_nfc by nokia
CVE-2008-5827 (GCVE-0-2008-5827)
Vulnerability from nvd – Published: 2009-01-02 19:00 – Updated: 2024-08-07 11:04
VLAI
EPSS
VEX
Summary
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://events.ccc.de/congress/2008/Fahrplan/attac… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/event… | x_refsource_MISC |
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
Date Public
2008-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "nokia-6131-ndef-recordparser-dos(44528)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44528"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "nokia-6131-ndef-recordparser-dos(44528)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44528"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "nokia-6131-ndef-recordparser-dos(44528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44528"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5827",
"datePublished": "2009-01-02T19:00:00.000Z",
"dateReserved": "2009-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5826 (GCVE-0-2008-5826)
Vulnerability from nvd – Published: 2009-01-02 19:00 – Updated: 2024-08-07 11:04
VLAI
EPSS
VEX
Summary
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| http://www.securityfocus.com/bid/30716 | vdb-entryx_refsource_BID |
| http://www.mulliner.org/security/advisories/nokia… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/attac… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/event… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2008-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30716"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-dos(44529)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44529"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30716"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-dos(44529)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44529"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30716"
},
{
"name": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt",
"refsource": "MISC",
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-dos(44529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44529"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5826",
"datePublished": "2009-01-02T19:00:00.000Z",
"dateReserved": "2009-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5825 (GCVE-0-2008-5825)
Vulnerability from nvd – Published: 2009-01-02 19:00 – Updated: 2024-08-07 11:04
VLAI
EPSS
VEX
Summary
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| http://www.securityfocus.com/bid/30716 | vdb-entryx_refsource_BID |
| http://www.mulliner.org/security/advisories/nokia… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/attac… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/event… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2008-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30716"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-spoofing(44527)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30716"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-spoofing(44527)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30716"
},
{
"name": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt",
"refsource": "MISC",
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-spoofing(44527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5825",
"datePublished": "2009-01-02T19:00:00.000Z",
"dateReserved": "2009-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5825 (GCVE-0-2008-5825)
Vulnerability from cvelistv5 – Published: 2009-01-02 19:00 – Updated: 2024-08-07 11:04
VLAI
EPSS
VEX
Summary
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| http://www.securityfocus.com/bid/30716 | vdb-entryx_refsource_BID |
| http://www.mulliner.org/security/advisories/nokia… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/attac… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/event… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2008-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30716"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-spoofing(44527)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30716"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-spoofing(44527)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30716"
},
{
"name": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt",
"refsource": "MISC",
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-spoofing(44527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5825",
"datePublished": "2009-01-02T19:00:00.000Z",
"dateReserved": "2009-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5826 (GCVE-0-2008-5826)
Vulnerability from cvelistv5 – Published: 2009-01-02 19:00 – Updated: 2024-08-07 11:04
VLAI
EPSS
VEX
Summary
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| http://www.securityfocus.com/bid/30716 | vdb-entryx_refsource_BID |
| http://www.mulliner.org/security/advisories/nokia… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/attac… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/event… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
Date Public
2008-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30716"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-dos(44529)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44529"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30716"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-dos(44529)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44529"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to cause a denial of service (device crash) via (1) a large value in the payload length field in an NDEF record, or a certain length for a (2) tel: or (3) sms: NDEF URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "30716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30716"
},
{
"name": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt",
"refsource": "MISC",
"url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "nokia-6131-ndef-uri-dos(44529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44529"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"
},
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
},
{
"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5826",
"datePublished": "2009-01-02T19:00:00.000Z",
"dateReserved": "2009-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5827 (GCVE-0-2008-5827)
Vulnerability from cvelistv5 – Published: 2009-01-02 19:00 – Updated: 2024-08-07 11:04
VLAI
EPSS
VEX
Summary
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://events.ccc.de/congress/2008/Fahrplan/attac… | x_refsource_MISC |
| http://events.ccc.de/congress/2008/Fahrplan/event… | x_refsource_MISC |
| http://www.mulliner.org/nfc/feed/collin_mulliner_… | x_refsource_MISC |
Date Public
2008-12-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "nokia-6131-ndef-recordparser-dos(44528)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44528"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "nokia-6131-ndef-recordparser-dos(44528)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44528"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs software upon completing the download of a JAR file, which makes it easier for remote attackers to execute arbitrary code via a crafted URI record in an NDEF tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"
},
{
"name": "nokia-6131-ndef-recordparser-dos(44528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44528"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"
},
{
"name": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"
},
{
"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf",
"refsource": "MISC",
"url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5827",
"datePublished": "2009-01-02T19:00:00.000Z",
"dateReserved": "2009-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:04:44.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}