Vulnerability-Lookup

CVE-2015-2865 (GCVE-0-2015-2865)

Vulnerability from cvelistv5 – Published: 2015-06-19 14:00 – Updated: 2015-06-19 11:57

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4640, CVE-2015-4641. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2015-06-19T11:57:00",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-4640, CVE-2015-4641.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2865",
    "datePublished": "2015-06-19T14:00:00",
    "dateRejected": "2015-06-19T11:57:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2015-06-19T11:57:00",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2865\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2015-06-19T14:59:01.287\",\"lastModified\":\"2023-11-07T02:25:26.910\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-4640, CVE-2015-4641.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage\"}],\"metrics\":{},\"references\":[]}}"
  }
}

VAR-201506-0113

Vulnerability from variot - Updated: 2024-08-14 13:34

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4640, CVE-2015-4641. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. ** Delete ** This case CVE-2015-4640 and CWE-2015-4641 It was deleted after being divided into. CVE-2015-4640 and CWE-2015-4641 Please refer to. Samsung Galaxy S Pre-installed on the Swiftkey SDK There is a vulnerability in the keyboard function using, which does not correctly verify language pack updates. Inadequate verification of data reliability (CWE-345) - CVE-2015-2865 Samsung Galaxy S In Swiftkey SDK The keyboard function using is preinstalled. This keyboard function Samsung It is signed and operates with system privileges. This keyboard function regularly checks for language pack updates, HTTP Is done via. If the contents of communication are altered by a man-in-the-middle attack, there is a possibility that it may be abused to write arbitrary data to the device. CWE-345: Insufficient Verification of Data Authenticity http://cwe.mitre.org/data/definitions/345.htmlIntermediary by a remote third party (man-in-the-middle) An arbitrary data may be written to the device by the attack. However, Swiftkey Considering the frequency of update checks by, it is unlikely that such an attack is possible. Samsung Galaxy is Samsung's mid- to high-end smartphone product line. To the affected device. Samsung Galaxy S Phones are prone to a security-bypass vulnerability. Other attacks are also possible. Note: This BID is being retired as CVE-2015-2865 (Samsung Galaxy S Phones CVE-2015-2865 Man in The Middle Security Bypass Vulnerability) is rejected and split into two issues. The following individual records exist to better document the issues: 75347 SwiftKey CVE-2015-4640 Man in The Middle Security Bypass Vulnerability 75353 SwiftKey CVE-2015-4641 Directory Traversal Vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0113",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s4 mini",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s5",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s6",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "galaxy s phones",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#155412"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003171"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:samsung:galaxy_s4",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:samsung:galaxy_s4_mini",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:samsung:galaxy_s5",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:samsung:galaxy_s6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003171"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ted Eull of NowSecure",
    "sources": [
      {
        "db": "BID",
        "id": "75229"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-449"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-2865",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.5,
            "id": "CNVD-2015-03953",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2015-03953",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-4640, CVE-2015-4641.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. ** Delete ** This case CVE-2015-4640 and CWE-2015-4641 It was deleted after being divided into. CVE-2015-4640 and CWE-2015-4641 Please refer to. Samsung Galaxy S Pre-installed on the Swiftkey SDK There is a vulnerability in the keyboard function using, which does not correctly verify language pack updates. Inadequate verification of data reliability (CWE-345) - CVE-2015-2865 Samsung Galaxy S In Swiftkey SDK The keyboard function using is preinstalled. This keyboard function Samsung It is signed and operates with system privileges. This keyboard function regularly checks for language pack updates, HTTP Is done via. If the contents of communication are altered by a man-in-the-middle attack, there is a possibility that it may be abused to write arbitrary data to the device. CWE-345: Insufficient Verification of Data Authenticity http://cwe.mitre.org/data/definitions/345.htmlIntermediary by a remote third party (man-in-the-middle) An arbitrary data may be written to the device by the attack. However, Swiftkey Considering the frequency of update checks by, it is unlikely that such an attack is possible. Samsung Galaxy is Samsung\u0027s mid- to high-end smartphone product line. To the affected device. Samsung Galaxy S Phones are prone to a security-bypass vulnerability. Other attacks are also possible. \nNote: This BID is being retired as CVE-2015-2865 (Samsung Galaxy S Phones CVE-2015-2865 Man in The Middle Security Bypass Vulnerability) is rejected and split into two issues.  The following individual records exist to better document the issues:\n75347 SwiftKey CVE-2015-4640 Man in The Middle Security Bypass Vulnerability\n75353 SwiftKey CVE-2015-4641 Directory Traversal Vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2865"
      },
      {
        "db": "CERT/CC",
        "id": "VU#155412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003171"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      },
      {
        "db": "BID",
        "id": "75229"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2865",
        "trust": 3.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#155412",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "75229",
        "trust": 1.5
      },
      {
        "db": "JVN",
        "id": "JVNVU94598171",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003171",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03953",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-449",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#155412"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      },
      {
        "db": "BID",
        "id": "75229"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003171"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-449"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2865"
      }
    ]
  },
  "id": "VAR-201506-0113",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      }
    ],
    "trust": 1.27860278
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:34:00.661000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Information Regarding the Keyboard Security Issue and Our Device Policy Update",
        "trust": 0.8,
        "url": "http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/"
      },
      {
        "title": "Is my Samsung device open to a security hack or vulnerability through the keyboard?",
        "trust": 0.8,
        "url": "https://support.swiftkey.com/hc/en-us/articles/203483421"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003171"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://www.kb.cert.org/vuls/id/155412"
      },
      {
        "trust": 0.8,
        "url": "https://www.nowsecure.com/blog/2015/06/23/on-detecting-and-preventing-the-samsung-ime-keyboard-swiftkey-language-pack-update-vulnerability/"
      },
      {
        "trust": 0.8,
        "url": "https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/"
      },
      {
        "trust": 0.8,
        "url": "http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/"
      },
      {
        "trust": 0.8,
        "url": "http://swiftkey.com/en/blog/samsung-keyboard-security-vulnerability-swiftkey/"
      },
      {
        "trust": 0.8,
        "url": "http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/"
      },
      {
        "trust": 0.8,
        "url": "https://www.blackhat.com/ldn-15/summit.html#abusing-android-apps-and-gaining-remote-code-execution"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/300.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2865"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94598171/index.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/75229"
      },
      {
        "trust": 0.3,
        "url": "http://www.samsung.com/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#155412"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      },
      {
        "db": "BID",
        "id": "75229"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003171"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-449"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#155412"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      },
      {
        "db": "BID",
        "id": "75229"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003171"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-449"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2865"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#155412"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      },
      {
        "date": "2015-06-17T00:00:00",
        "db": "BID",
        "id": "75229"
      },
      {
        "date": "2015-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003171"
      },
      {
        "date": "2015-06-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-449"
      },
      {
        "date": "2015-06-19T14:59:01.287000",
        "db": "NVD",
        "id": "CVE-2015-2865"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#155412"
      },
      {
        "date": "2015-06-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03953"
      },
      {
        "date": "2015-07-15T00:41:00",
        "db": "BID",
        "id": "75229"
      },
      {
        "date": "2015-06-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003171"
      },
      {
        "date": "2015-06-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-449"
      },
      {
        "date": "2023-11-07T02:25:26.910000",
        "db": "NVD",
        "id": "CVE-2015-2865"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-449"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#155412"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-449"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-03953

Vulnerability from cnvd - Published: 2015-06-25

Title

Samsung Galaxy S手机远程代码执行漏洞

Description

Samsung Galaxy是三星中高端智能手机系列产品。Swiftkey keyboard是预装在Galaxy S系列手机中用system权限操作的键盘应用程序。 Samsung Galaxy S4 Mini, S4, S5, S6系列智能设备未能验证Swiftkey语言包更新，默认情况下，Swiftkey会通过HTTP检查语言包更新，攻击者可以通过中间人攻击修改某些字段，将任意数据写入到受影响设备。

Severity

中

Formal description

目前没有详细解决方案提供： http://www.samsung.com/

Reference

https://www.kb.cert.org/vuls/id/155412

Impacted products

Name
Samsung Galaxy S Phones

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75229"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2865"
    }
  },
  "description": "Samsung Galaxy\u662f\u4e09\u661f\u4e2d\u9ad8\u7aef\u667a\u80fd\u624b\u673a\u7cfb\u5217\u4ea7\u54c1\u3002Swiftkey keyboard\u662f\u9884\u88c5\u5728Galaxy S\u7cfb\u5217\u624b\u673a\u4e2d\u7528system\u6743\u9650\u64cd\u4f5c\u7684\u952e\u76d8\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSamsung Galaxy S4 Mini, S4, S5, S6\u7cfb\u5217\u667a\u80fd\u8bbe\u5907\u672a\u80fd\u9a8c\u8bc1Swiftkey\u8bed\u8a00\u5305\u66f4\u65b0\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cSwiftkey\u4f1a\u901a\u8fc7HTTP\u68c0\u67e5\u8bed\u8a00\u5305\u66f4\u65b0\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u4e2d\u95f4\u4eba\u653b\u51fb\u4fee\u6539\u67d0\u4e9b\u5b57\u6bb5\uff0c\u5c06\u4efb\u610f\u6570\u636e\u5199\u5165\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\u3002",
  "discovererName": "Ted Eull of NowSecure",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.samsung.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03953",
  "openTime": "2015-06-25",
  "products": {
    "product": "Samsung Galaxy S Phones"
  },
  "referenceLink": "https://www.kb.cert.org/vuls/id/155412",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-23",
  "title": "Samsung Galaxy S\u624b\u673a\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2015-2865

Vulnerability from fkie_nvd - Published: 2015-06-19 14:59 - Updated: 2023-11-07 02:25

Severity ?

Summary

References

	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-4640, CVE-2015-4641.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage"
    }
  ],
  "id": "CVE-2015-2865",
  "lastModified": "2023-11-07T02:25:26.910",
  "metrics": {},
  "published": "2015-06-19T14:59:01.287",
  "references": [],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Rejected"
}

GSD-2015-2865

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4640, CVE-2015-4641. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.

Aliases

CVE-2015-2865

Aliases

CVE-2015-2865

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2865",
    "description": "** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-4640, CVE-2015-4641.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.",
    "id": "GSD-2015-2865"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2865"
      ],
      "details": "** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-4640, CVE-2015-4641.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.",
      "id": "GSD-2015-2865",
      "modified": "2023-12-13T01:20:00.866613Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-2865",
        "STATE": "REJECT"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-4640, CVE-2015-4641.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage."
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2865 (GCVE-0-2015-2865)

VAR-201506-0113

CNVD-2015-03953

FKIE_CVE-2015-2865

GSD-2015-2865

Tags

Sightings

Nomenclature