Computer Security
[EN] securityvulns.ru no-pyccku


Apache Cordova multiple security vulnerabilities
Published:11.08.2014
Source:
SecurityVulns ID:13918
Type:local
Threat Level:
5/10
Description:Cross application scripting, restrictions bypass, information leakage.
Affected:APACHE : Cordova 3.5
CVE:CVE-2014-3502 (Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.)
 CVE-2014-3501 (Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.)
 CVE-2014-3500 (Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.)
Original documentdocumentDavid Kaplan, (CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities (11.08.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod