CVE-2016-2567
Last modified
CVE-2016-2567 is a vulnerability of currently unknown severity. secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL.. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Galaxy S6 Firmware | g920fxxu2coh2 |
| Samsung | Galaxy Note 3 Firmware | n9005xxugbob6 |
References
- https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003Exploit, Technical Description, Third Party Advisory
- https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003Exploit, Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-2567?
How severe is CVE-2016-2567?
How do I fix CVE-2016-2567?
Are you affected by CVE-2016-2567?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST