JVNDB-2012-000014

[Japanese]
JVNDB-2012-000014
Multiple COOKPAD applications for Android vulnerable in WebView class
Overview
Multiple COOKPAD applications for Android contain a vulnerability in WebView class. Cookpad and Cookpad Noseru provided by COOKPAD Inc. are Android applications to search or post recipes. Cookpad and Cookpad Noseru contain a vulnerability in WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
Base Metrics: 2.6 (Low) [IPA Score] Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

Affected Products

COOKPAD Inc. COOKPAD (Android) 1.5.16 and earlier COOKPAD NOSERU (Android) 1.1.1 and earlier

Impact
If an user of the affected product uses other malicious Android application, the information contained in the affected product may be disclosed.
Solution
[Update the Software] Apply the latest update for each application according to the information provided by the developer.
Vendor Information
COOKPAD Inc. COOKPAD, Inc. : Cookpad - Android market application (Japanese Only) COOKPAD, Inc. : Cookpad Noseru - Android market application (Japanese Only) COOKPAD, Inc. : [Notification to Cookpad users] -- latest version which addressed security issue released (Japanese Only)
CWE (What is CWE?)
No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)
CVE-2012-0316
References
JVN : JVN#25731073 National Vulnerability Database (NVD) : CVE-2012-0316
Revision History
[2012/02/22] Web page was published [2012/02/29] Vendor Information : Content was added


Date Public	2012/02/22
Date First Published	2012/02/22
Date Last Updated	2012/02/29

Multiple COOKPAD applications for Android vulnerable in WebView class