VAR-201608-0085

Vulnerability from variot - Updated: 2025-04-13 23:17

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.

The Intel Crosswalk Project is a framework for developing hybrid apps for Android and iOS. The Crosswalk Project has a problem in its processing when the user accepts an invalid SSL server certificate, and the application's validation of all SSL server certificates may be hindered.

Issue that does not warn the user that the operation is unsafe (CWE-356) - CVE-2016-5672: When an invalid SSL server certificate is detected, apps created using the Crosswalk Project show an error message. If the user selects "OK" in this error message, the app no longer performs SSL server certificate verification. The error message does not clearly state that the app will permanently stop verifying SSL server certificates, and the same message is not displayed again. CWE-356: Product UI does not Warn User of Unsafe Actions: http://cwe.mitre.org/data/definitions/356.html

The researchers have released more detailed information as a security advisory, and Intel Corporation has also published a blog post about this issue. Security advisory: https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/ Blog post: http://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/

Once the user has chosen to allow an invalid server certificate, no SSL server certificates are verified any longer, and a man-in-the-middle attack may be carried out. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

The issue is fixed in the following versions: Intel Crosswalk 19.49.514.5, 20.50.533.11, 21.51.546.0, and 22.51.549.0. Intel Crosswalk is a set of Web engines developed by Intel Corporation of the United States.

[Original at: https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/]

Summary

The Intel Crosswalk Project library for cross-platform mobile development did not properly handle SSL errors. This behaviour could subject applications developed using this library to SSL MITM attacks.

Vulnerability Details

The Crosswalk Project, created by Intel's Open Source Technology Center, allows mobile developers to use HTML, CSS and JavaScript to develop and deploy mobile apps across multiple platforms from the same codebase. The library packages the HTML assets provided by the developer and runs them inside a WebView on the device. The library also bridges some of the common APIs and services from the JavaScript code in the WebView to the underlying platform. It is implemented in multiple apps, some of which can be found here. This applies even to connections over different WiFi hotspots and different certificates. This may allow a network-level attacker to mount a MITM attack using an invalid SSL certificate and capture sensitive data. This issue has been fixed in the following versions of Crosswalk and all users of the library are encouraged to upgrade:

  • 19.49.514.5 (stable)
  • 20.50.533.11 (beta)
  • 21.51.546.0 (beta)
  • 22.51.549.0 (canary)

This issue was originally discovered while testing a third-party Android app using this library.

References

CERT/CC vulnerability note: https://www.kb.cert.org/vuls/id/217871

Crosswalk security advisory: https://lists.crosswalk-project.org/pipermail/crosswalk-help/2016-July/002167.html

CVE - CVE-2016-5672: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5672

Intel blog post: https://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/

Credits

Thank you to CERT/CC for coordination on this issue, and to the Intel Open Source Technology Center for the fix.

Timeline

  • 2016-05-25: Reported issue to the Intel PSIRT, got an automated reply
  • 2016-05-30: Reached out to CERT/CC for help reaching Intel
  • 2016-06-01: Request from CERT/CC for more details, provided details via secure form
  • 2016-06-15: Response from CERT/CC that Intel is planning a fix within 45 days
  • 2016-06-23: Direct contact from Intel
  • 2016-07-01: Asking CERT/CC to reserve a CVE, CERT/CC assigns a CVE
  • 2016-07-22: Intel fix is finished and ready for testing
  • 2016-07-25: We confirm the fix and coordinate disclosure dates
  • 2016-07-29: Coordinated public disclosure


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0085",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crosswalk",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "19.49.514.4"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "intel",
        "version": "19.49.514.4"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "crosswalk project",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "19.49.514.5 (stable) earlier"
      },
      {
        "model": "crosswalk project",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "20.50.533.11 (beta) earlier"
      },
      {
        "model": "crosswalk project",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "21.51.546.0 (beta) earlier"
      },
      {
        "model": "crosswalk project",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "22.51.549.0 (canary) earlier"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "22.51.552.0"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "22.51.551.0"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "22.51.550.0"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "21.51.546.3"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "21.51.546.2"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "21.51.546.1"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "21.50.540.0"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "20.50.533.9"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "20.50.533.8"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "20.50.533.12"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "20.50.533.10"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "20.50.530.0"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "20.49.520.0"
      },
      {
        "model": "crosswalk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "19.49.510.0"
      },
      {
        "model": "crosswalk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "22.51.549.0"
      },
      {
        "model": "crosswalk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "21.51.546.0"
      },
      {
        "model": "crosswalk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "20.50.533.11"
      },
      {
        "model": "crosswalk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "19.49.514.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#217871"
      },
      {
        "db": "BID",
        "id": "92199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5672"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:intel:crosswalk",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nightwatch Cybersecurity Research",
    "sources": [
      {
        "db": "BID",
        "id": "92199"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-5672",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-5672",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 5.8,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "PARTIAL",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 3.4,
            "exploitability": "PROOF-OF-CONCEPT",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-5672",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "MEDIUM",
            "targetDistribution": "MEDIUM",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-94491",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-5672",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-5672",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-5672",
            "trust": 0.8,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-5672",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-1061",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94491",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#217871"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5672"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user\u0027s acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. Intel Crosswalk Project Is Android and iOS A framework for developing hybrid apps Crosswalk Project Is illegal SSL There is a problem in the processing when the user accepts the server certificate, and the application SSL Validation of all server certificates may be hindered. Issue that does not warn the user that the operation is unsafe (CWE-356) - CVE-2016-5672 Fraudulent SSL If a server certificate is detected, Crosswalk Project Apps created using show an error message. The user gets this error message \"OK\" If you select, the app SSL Server certificate verification will not be performed. The error message indicates that the app is permanently SSL It is not clearly stated that the server certificate will no longer be verified, and the same message will not be displayed again. CWE-356: Product UI does not Warn User of Unsafe Actions http://cwe.mitre.org/data/definitions/356.html Researchers are releasing more detailed information as security advisories. Also, Intel Corporation Has also created a blog post about this issue. Security advisory https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/ Blog post http://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/Once you set to allow unauthorized server certificates, SSL Man-in-the-middle attacks where all server certificates are no longer verified (man-in-the-middle attack) May be done. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. 
\nThe issue is fixed in following versions:\nIntel Crosswalk 19.49.514.5, 20.50.533.11, 21.51.546.0, and 22.51.549.0. Intel Crosswalk is a set of Web engines developed by Intel Corporation of the United States. [Original at: https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/]\n\nSummary\n\nThe Intel Crosswalk Project library for cross-platform mobile\ndevelopment did not properly handle SSL errors. This behaviour could\nsubject applications developed using this library to SSL MITM attacks. \n\nVulnerability Details\n\nThe Crosswalk Project, created by Intels Open Source Technology\nCenter, allows mobile developers to use HTML, CSS and Javascript to\ndevelop and deploy mobile apps across multiple platforms from the same\ncodebase. The library packages the HTML assets provided by the\ndeveloper and runs them inside a WebView on the device. The library\nalso bridges some of the common APIs and services from the Javascript\ncode in the WebView to the underlying platform. It is implemented in\nmultiple apps, some of which can be found here. This applies even to connections over different WiFi\nhotspots and different certificates. This may allow a network-level\nattacker to mount MITM attack using invalid SSL certificate and\ncapture sensitive data. This issue\nhas been fixed in the following versions of Crosswalk and all users of\nthe library are encouraged to upgrade:\n\n- 19.49.514.5 (stable)\n- 20.50.533.11 (beta)\n- 21.51.546.0 (beta)\n- 22.51.549.0 (canary)\n\nThis issue was originally discovered while testing a third-party\nAndroid app using this library. 
\n\nReferences\n\nCERT/CC vulnerability note:\nhttps://www.kb.cert.org/vuls/id/217871\n\nCrosswalk security advisory:\nhttps://lists.crosswalk-project.org/pipermail/crosswalk-help/2016-July/002167.html\n\nCVE - CVE-2016-5672:\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5672\n\nIntel blog post:\nhttps://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/\n\nCredits\n\nThank you to CERT/CC for coordination on this issue, and to the Intel\nOpen Source Technology Center for the fix. \n\nTimeline\n\n2016-05-25: Reported issue to the Intel PSIRT, got an automated reply\n2016-05-30: Reached out to CERT/CC for help reaching Intel\n2016-06-01: Request from CERT/CC for more details, provided details\nvia secure form\n2016-06-15: Response from CERT/CC that Intel is planning a fix within 45 days\n2016-06-23: Direct contact from Intel\n2016-07-01: Asking CERT/CC to reserve a CVE, CERT/CC assigns a CVE\n2016-07-22: Intel fix is finished and ready for testing\n2016-07-25: We confirm the fix and coordinate disclosure dates\n2016-07-29: Coordinated public disclosure\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5672"
      },
      {
        "db": "CERT/CC",
        "id": "VU#217871"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "db": "BID",
        "id": "92199"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94491"
      },
      {
        "db": "PACKETSTORM",
        "id": "138107"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.kb.cert.org/vuls/id/217871",
        "trust": 0.8,
        "type": "poc"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#217871"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#217871",
        "trust": 3.7
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5672",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "92199",
        "trust": 1.4
      },
      {
        "db": "PACKETSTORM",
        "id": "138107",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU93087310",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-1061",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-94491",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#217871"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94491"
      },
      {
        "db": "BID",
        "id": "92199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "db": "PACKETSTORM",
        "id": "138107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5672"
      }
    ]
  },
  "id": "VAR-201608-0085",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94491"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:17:53.076000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Crosswalk Security Vulnerability - Intel Software and Services",
        "trust": 0.8,
        "url": "http://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/"
      },
      {
        "title": "Intel Crosswalk Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63364"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5672"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/"
      },
      {
        "trust": 2.9,
        "url": "http://www.kb.cert.org/vuls/id/217871"
      },
      {
        "trust": 2.5,
        "url": "https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue"
      },
      {
        "trust": 1.8,
        "url": "https://lists.crosswalk-project.org/pipermail/crosswalk-help/2016-july/002167.html"
      },
      {
        "trust": 1.7,
        "url": "https://crosswalk-project.org/jira/browse/xwalk-6986"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/92199"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/539051/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/138107/intel-crosswalk-project-man-in-the-middle.html"
      },
      {
        "trust": 1.1,
        "url": "https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5672"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93087310/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5672"
      },
      {
        "trust": 0.3,
        "url": "https://crosswalk-project.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5672"
      },
      {
        "trust": 0.1,
        "url": "https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/]"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#217871"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94491"
      },
      {
        "db": "BID",
        "id": "92199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "db": "PACKETSTORM",
        "id": "138107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5672"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#217871"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94491"
      },
      {
        "db": "BID",
        "id": "92199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "db": "PACKETSTORM",
        "id": "138107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5672"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#217871"
      },
      {
        "date": "2016-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94491"
      },
      {
        "date": "2016-07-29T00:00:00",
        "db": "BID",
        "id": "92199"
      },
      {
        "date": "2016-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "date": "2016-07-29T12:55:55",
        "db": "PACKETSTORM",
        "id": "138107"
      },
      {
        "date": "2016-07-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      },
      {
        "date": "2016-08-01T02:59:17.870000",
        "db": "NVD",
        "id": "CVE-2016-5672"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#217871"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94491"
      },
      {
        "date": "2016-07-29T00:00:00",
        "db": "BID",
        "id": "92199"
      },
      {
        "date": "2016-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004107"
      },
      {
        "date": "2016-08-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-5672"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel CrossWalk project does not validate SSL certificates after first acceptance",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#217871"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-1061"
      }
    ],
    "trust": 0.6
  }
}

