CVE-2013-4873

Published: Jul 18, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected (1)

Products: Yahoo: Tumblr

Yahoo

1 product

Tumblr

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yahoo Tumblr	Up to 3.4.0

Related CWEs

CWE-255

References (10)

http://osvdb.org/95374

Source: cve@mitre.org

http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users

Source: cve@mitre.org

Vendor Advisory

http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/85823

Source: cve@mitre.org

https://itunes.apple.com/us/app/tumblr/id305343404

Source: cve@mitre.org

Patch

http://osvdb.org/95374