Vulnerability Description
The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yahoo | Tumblr | <= 3.4.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/95374
- http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipVendor Advisory
- http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85823
- https://itunes.apple.com/us/app/tumblr/id305343404Patch
- http://osvdb.org/95374
- http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipVendor Advisory
- http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85823
- https://itunes.apple.com/us/app/tumblr/id305343404Patch
FAQ
What is CVE-2013-4873?
CVE-2013-4873 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
How severe is CVE-2013-4873?
CVE-2013-4873 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4873?
Check the references section above for vendor advisories and patch information. Affected products include: Yahoo Tumblr.