Vulnerabilites related to Apache - Cordova
Vulnerability from fkie_nvd
Published
2016-05-09 20:59
Modified
2024-11-21 02:32
Severity ?
Summary
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "BA6EE506-56CA-4B72-9C7B-DF832C3BFF2B",
"versionEndIncluding": "3.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods."
},
{
"lang": "es",
"value": "Apache Cordova iOS en versiones anteriores a 4.0.0 podr\u00edan permitir a atacantes eludir un mecanismo de protecci\u00f3n de lista blanca de URL en una aplicaci\u00f3n y cargar recursos arbitrarios aprovechando m\u00e9todos no especificados."
}
],
"id": "CVE-2015-5207",
"lastModified": "2024-11-21T02:32:33.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-09T20:59:00.133",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://jvn.jp/en/jp/JVN35341085/index.html"
},
{
"source": "secalert@redhat.com",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html"
},
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/538211/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/88764"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN35341085/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538211/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/88764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
},
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 17:15
Modified
2024-11-21 05:48
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| systeminformation | systeminformation | * | |
| apache | cordova | 10.0.0 |
{
"cisaActionDue": "2022-02-01",
"cisaExploitAdd": "2022-01-18",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "System Information Library for Node.JS Command Injection",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "52B945D4-063D-4674-9AF0-12AD903B3B55",
"versionEndExcluding": "5.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:10.0.0:*:*:*:*:-:*:*",
"matchCriteriaId": "480219C3-0BEA-4B50-979E-88EA4E8F1DD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The System Information Library for Node.JS (npm package \"systeminformation\") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected."
},
{
"lang": "es",
"value": "La Biblioteca System Information para Node.JS (paquete npm \"systeminformation\") es una colecci\u00f3n de funciones de c\u00f3digo abierto para recuperar informaci\u00f3n detallada sobre el hardware, el sistema y el SO. En systeminformation versiones anteriores a 5.3.1, se presenta una vulnerabilidad de inyecci\u00f3n de comandos. El problema se ha corregido en la versi\u00f3n 5.3.1. Como soluci\u00f3n en lugar de actualizar, aseg\u00farese de comprobar o sanear los par\u00e1metros de servicio que son pasados a las funciones si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... s\u00f3lo permiten cadenas, rechazan cualquier matriz. El saneamiento de cadenas funciona como se esperaba"
}
],
"id": "CVE-2021-21315",
"lastModified": "2024-11-21T05:48:00.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T17:15:13.050",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Mailing List"
],
"url": "https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0007/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.npmjs.com/package/systeminformation"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List"
],
"url": "https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.npmjs.com/package/systeminformation"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-09 20:59
Modified
2024-11-21 02:32
Severity ?
Summary
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "BA6EE506-56CA-4B72-9C7B-DF832C3BFF2B",
"versionEndIncluding": "3.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link."
},
{
"lang": "es",
"value": "Apache Cordova iOS en versiones anteriores a 4.0.0 permite a atacantes remotos ejecutar plugins arbitrarios a trav\u00e9s de un enlace."
}
],
"id": "CVE-2015-5208",
"lastModified": "2024-11-21T02:32:33.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-09T20:59:02.417",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://jvn.jp/en/jp/JVN41772178/index.html"
},
{
"source": "secalert@redhat.com",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000059.html"
},
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/136839/Apache-Cordova-iOS-3.9.1-Arbitrary-Plugin-Execution.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/538210/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/88797"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN41772178/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/136839/Apache-Cordova-iOS-3.9.1-Arbitrary-Plugin-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538210/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/88797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-30 19:29
Modified
2024-11-21 02:01
Severity ?
Summary
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cordova_in-app-browser | * | |
| apache | cordova | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova_in-app-browser:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F00503CE-5126-459D-A86C-4EBD03AADBDD",
"versionEndIncluding": "0.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "9A33FFF9-7ECC-4C8D-AEA6-4C33A958A3D5",
"versionEndIncluding": "2.9.0",
"versionStartIncluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI."
},
{
"lang": "es",
"value": "La clase CDVInAppBrowser en el plugin independiente Apache Cordova In-App-Browser (org.apache.cordova.inappbrowser) en versiones anteriores a la 0.3.2 para iOS y el plugin In-App-Browser para iOS de Cordova desde la versi\u00f3n 2.6.0 hasta la 2.9.0 no valida correctamente los identificadores de devoluci\u00f3n de llamada. Esto permite que atacantes remotos ejecuten c\u00f3digo JavaScript arbitrario en la p\u00e1gina del host y, consecuentemente, obtengan privilegios mediante un URI gap-iab: manipulado."
}
],
"id": "CVE-2014-0073",
"lastModified": "2024-11-21T02:01:18.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-30T19:29:00.373",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://d3adend.org/blog/?p=403"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/30"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/531334/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65959"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91560"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55"
},
{
"source": "secalert@redhat.com",
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://d3adend.org/blog/?p=403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/531334/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-15 21:59
Modified
2024-11-21 02:08
Severity ?
Summary
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:3.5.0:*:*:*:*:android:*:*",
"matchCriteriaId": "43A4D9C1-7942-45BF-9016-A7791CAE8B8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent."
},
{
"lang": "es",
"value": "Apache Cordova Android anterior a 3.5.1 permite a atacantes remotos abrir y enviar datos a aplicaciones arbitrarias a trav\u00e9s una URL con un esquema URI manipulado para un intento Android."
}
],
"id": "CVE-2014-3502",
"lastModified": "2024-11-21T02:08:14.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-15T21:59:04.227",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/69046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69046"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-15 21:59
Modified
2024-11-21 02:08
Severity ?
Summary
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*",
"matchCriteriaId": "AB433CD9-DE60-489E-889D-7559F23136A1",
"versionEndIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL."
},
{
"lang": "es",
"value": "Vulnerabilidad en la aplicaci\u00f3n Apache Cordova para Android en versiones inferiores a la 3.5.1 permite a atacantes remotos cambiar la p\u00e1gina de inicio a trav\u00e9s de URL manipuladas."
}
],
"id": "CVE-2014-3500",
"lastModified": "2024-11-21T02:08:14.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-15T21:59:01.460",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/69038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69038"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-23 11:59
Modified
2024-11-21 02:32
Severity ?
Summary
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6C258FB7-4FE2-48EB-9B95-2544F84AA3B3",
"versionEndIncluding": "3.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI."
},
{
"lang": "es",
"value": "Apache Cordova-Android en versiones anteriores a 4.1.0, cuando una aplicaci\u00f3n conf\u00eda en un servidor remoto, implementa de manera incorrecta un mecanismo de protecci\u00f3n de lista blanca JavaScript, lo que permite a atacantes eludir las restricciones destinadas al acceso a trav\u00e9s de una URI manipulada."
}
],
"id": "CVE-2015-5256",
"lastModified": "2024-11-21T02:32:39.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-11-23T11:59:00.127",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://jvn.jp/en/jp/JVN18889193/index.html"
},
{
"source": "secalert@redhat.com",
"url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000187.html"
},
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/134497/Apache-Cordova-3.7.2-Whitelist-Failure.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/536944/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/77677"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN18889193/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000187.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/134497/Apache-Cordova-3.7.2-Whitelist-Failure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536944/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-01 17:15
Modified
2024-11-21 04:59
Severity ?
Summary
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://jvn.jp/en/jp/JVN59779918/index.html | Third Party Advisory | |
| security@apache.org | https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN59779918/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:4.1.0:*:*:*:*:android:*:*",
"matchCriteriaId": "D93463B8-20CA-49B2-AE62-50D4C75B418B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally."
},
{
"lang": "es",
"value": "Hemos resuelto un problema de seguridad en el plugin de la c\u00e1mara que podr\u00eda haber afectado a determinadas aplicaciones de Cordova (Android).\u0026#xa0;Un atacante que pudiera instalar (o hacer que la v\u00edctima instale) una aplicaci\u00f3n de Android especialmente dise\u00f1ada (o maliciosa) podr\u00eda acceder a las im\u00e1genes tomadas con la aplicaci\u00f3n externamente"
}
],
"id": "CVE-2020-11990",
"lastModified": "2024-11-21T04:59:03.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T17:15:13.133",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN59779918/index.html"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN59779918/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-30 19:29
Modified
2024-11-21 02:01
Severity ?
Summary
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cordova_file_transfer | * | |
| apache | cordova | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova_file_transfer:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6BB4806B-8C36-4438-B7CF-CE7AB4EDB949",
"versionEndIncluding": "0.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "AAAEF4EC-AAD2-4E7E-909E-E215270D10AF",
"versionEndIncluding": "2.9.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option."
},
{
"lang": "es",
"value": "ios/CDVFileTransfer.m en el plugin independiente Apache Cordova File-Transfer (org.apache.cordova.file-transfer) en versiones anteriores a la 0.4.2 para iOS y el plugin File-Transfer para iOS de Cordova desde la versi\u00f3n 2.4.0 hasta la 2.9.0 podr\u00eda permitir que atacantes remotos suplanten servidores SSL aprovechando un valor true por defecto para la opci\u00f3n trustAllHosts."
}
],
"id": "CVE-2014-0072",
"lastModified": "2024-11-21T02:01:17.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-30T19:29:00.327",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://d3adend.org/blog/?p=403"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/29"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/531335/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91561"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/apache/cordova-plugin-file-transfer/commit/a1d6fc07e8a40c1b2b16f4103c403b30e1089668"
},
{
"source": "secalert@redhat.com",
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXKL9JtkehHC0jEoRwdvVKXt-d5uj40EwNY-Gk3ttX=wJw%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://d3adend.org/blog/?p=403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/531335/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/apache/cordova-plugin-file-transfer/commit/a1d6fc07e8a40c1b2b16f4103c403b30e1089668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXKL9JtkehHC0jEoRwdvVKXt-d5uj40EwNY-Gk3ttX=wJw%40mail.gmail.com%3E"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-27 19:29
Modified
2024-11-21 02:26
Severity ?
Summary
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/ | Exploit, Technical Description, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/74866 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://cordova.apache.org/announcements/2015/05/26/android-402.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74866 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cordova.apache.org/announcements/2015/05/26/android-402.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*",
"matchCriteriaId": "B847498C-3CDC-4BFA-A704-FE05A1D12261",
"versionEndIncluding": "3.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:4.0.0:*:*:*:*:android:*:*",
"matchCriteriaId": "91B10150-515B-4B60-88CE-BA536FEE2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:4.0.1:*:*:*:*:android:*:*",
"matchCriteriaId": "C3419E8A-8461-4BEE-95F7-82AB6071050B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL."
},
{
"lang": "es",
"value": "Apache Cordova Android en versiones anteriores a la 3.7.2 y versiones 4.x anteriores a la 4.0.2, cuando una aplicaci\u00f3n no establece valores expl\u00edcitos en config.xml, permite que atacantes remotos modifiquen variables de configuraci\u00f3n secundarias no definidas (preferencias) mediante una URL intent: manipulada."
}
],
"id": "CVE-2015-1835",
"lastModified": "2024-11-21T02:26:14.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-27T19:29:00.300",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74866"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2015/05/26/android-402.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2015/05/26/android-402.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-23 11:59
Modified
2024-11-21 02:38
Severity ?
Summary
Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6C258FB7-4FE2-48EB-9B95-2544F84AA3B3",
"versionEndIncluding": "3.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value."
},
{
"lang": "es",
"value": "Apache Cordova-Android en versiones anteriores a 3.7.0 genera de manera incorrecta valores aleatorios para datos BridgeSecret, lo que facilita a atacantes llevar a cabo ataques de secuestro de puente mediante la predicci\u00f3n de un valor."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/330.html\"\u003eCWE-330: Use of Insufficiently Random Values\u003c/a\u003e",
"id": "CVE-2015-8320",
"lastModified": "2024-11-21T02:38:17.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-23T11:59:01.863",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/134496/Apache-Cordova-Android-3.6.4-BridgeSecret-Weak-Randomization.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/536945/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/77679"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/134496/Apache-Cordova-Android-3.6.4-BridgeSecret-Weak-Randomization.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536945/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-03 04:50
Modified
2024-11-21 02:05
Severity ?
Summary
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cordova | * | |
| apache | cordova | 3.0.0 | |
| apache | cordova | 3.0.0 | |
| apache | cordova | 3.1.0 | |
| apache | cordova | 3.1.0 | |
| apache | cordova | 3.2.0 | |
| apache | cordova | 3.2.0 | |
| apache | cordova | 3.3.0 | |
| microsoft | windows_phone | 7 | |
| microsoft | windows_phone | 8 | |
| adobe | phonegap | * | |
| adobe | phonegap | 2.0.0 | |
| adobe | phonegap | 2.0.0 | |
| adobe | phonegap | 2.1.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.4.0 | |
| adobe | phonegap | 2.4.0 | |
| adobe | phonegap | 2.5.0 | |
| adobe | phonegap | 2.5.0 | |
| adobe | phonegap | 2.6.0 | |
| adobe | phonegap | 2.6.0 | |
| adobe | phonegap | 2.7.0 | |
| adobe | phonegap | 2.7.0 | |
| adobe | phonegap | 2.8.0 | |
| adobe | phonegap | 2.8.1 | |
| adobe | phonegap | 2.9.0 | |
| microsoft | windows_phone | 7 | |
| microsoft | windows_phone | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A5703F-E43E-4F18-AC7B-534761942DCC",
"versionEndIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74BBFE10-2CB5-446D-9D83-E5C39F6F47C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "273742B5-559F-4BC5-994E-D559D4008108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2A0ACB-2E9C-4639-8C9B-4F0004C8DF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8A468C2-55F1-4C6C-A547-D7E5B68EABC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C93B210-E664-447B-8859-0432CE8D4F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8F8721A-3968-438A-967D-B8B911F73CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CE1A4A77-DC7F-4C97-A7FC-5BF7E73D5DB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_phone:7:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF422A0-389C-4C86-9A9D-5917F7F34E6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_phone:8:*:*:*:*:*:*:*",
"matchCriteriaId": "2BDA3A48-1527-4B8F-AE9E-9D405CC7D253",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:phonegap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE71EC19-A23D-45B1-984B-DDD27A3DF2F8",
"versionEndIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B05BE6-D8DA-40C8-BA86-67B1FD906975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C57DD500-22A7-4209-AEF7-DC8930F1BDD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16EC33AF-5D22-418D-8604-EB549A197209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8124E0-6A2F-493E-875E-1D0E613A366B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D6D5BDFF-A635-45D6-A346-754BFACD00A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0A0B3637-4927-47AD-87A0-EE411C12EE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6451A3E-BEB0-4EE0-AD88-8CE3E048CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EBEEDD73-74C5-4299-8509-324A829623D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0BC85762-A07D-4C44-8458-08FC2F717462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C19E85E-6E96-4F24-8A10-393B9DB1770F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA489695-A354-4921-903F-65AD650BCB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B534832-D498-4881-AC3D-342FE50FC405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4C20AC3F-8A9D-4450-AB38-2FC4A19605F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7121F63A-3A8E-458F-87F2-DFA5A16802AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC93C958-7FBC-427E-89E4-C84B97471EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F81B0017-2BF3-4315-BFF5-B7CD5DF98A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7535E5BD-A4F0-45B9-BA79-8FE2783A58D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDC0304-7948-41DF-A330-1773E3B6336B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "695CDE63-FDA3-4EDC-8D1E-D8921CCD3B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F500CA59-28E5-4EC0-B698-2A26DD4BCC46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_phone:7:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF422A0-389C-4C86-9A9D-5917F7F34E6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_phone:8:*:*:*:*:*:*:*",
"matchCriteriaId": "2BDA3A48-1527-4B8F-AE9E-9D405CC7D253",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application."
},
{
"lang": "es",
"value": "Apache Cordova 3.3.0 y anteriores y Adobe PhoneGap 2.9.0 y anteriores en Windows Phone 7 y 8 no restringen debidamente eventos de navegaci\u00f3n, lo que permite a atacantes remotos evadir restricciones \"device-resource\" a trav\u00e9s de contenido que es accedido (1) en un elemento IFRAME o (2) con el m\u00e9todo XMLHttpRequest mediante una aplicaci\u00f3n manipulada."
}
],
"id": "CVE-2014-1884",
"lastModified": "2024-11-21T02:05:12.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-03T04:50:46.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-15 21:59
Modified
2024-11-21 02:08
Severity ?
Summary
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:3.5.0:*:*:*:*:android:*:*",
"matchCriteriaId": "43A4D9C1-7942-45BF-9016-A7791CAE8B8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView."
},
{
"lang": "es",
"value": "Apache Cordova Android anterior a 3.5.1 permite a atacantes remotos saltar la whitelist de HTTP y conectarse a servidores arbitrarios usando JavaScript para abrir las conexiones de WebSocket a trav\u00e9s de WebView."
}
],
"id": "CVE-2014-3501",
"lastModified": "2024-11-21T02:08:14.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-11-15T21:59:03.023",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/69041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69041"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-03 04:50
Modified
2024-11-21 02:05
Severity ?
Summary
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cordova | * | |
| apache | cordova | 3.0.0 | |
| apache | cordova | 3.0.0 | |
| apache | cordova | 3.1.0 | |
| apache | cordova | 3.1.0 | |
| apache | cordova | 3.2.0 | |
| apache | cordova | 3.2.0 | |
| apache | cordova | 3.3.0 | |
| adobe | phonegap | * | |
| adobe | phonegap | 2.0.0 | |
| adobe | phonegap | 2.0.0 | |
| adobe | phonegap | 2.1.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.4.0 | |
| adobe | phonegap | 2.4.0 | |
| adobe | phonegap | 2.5.0 | |
| adobe | phonegap | 2.5.0 | |
| adobe | phonegap | 2.6.0 | |
| adobe | phonegap | 2.6.0 | |
| adobe | phonegap | 2.7.0 | |
| adobe | phonegap | 2.7.0 | |
| adobe | phonegap | 2.8.0 | |
| adobe | phonegap | 2.8.1 | |
| adobe | phonegap | 2.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A5703F-E43E-4F18-AC7B-534761942DCC",
"versionEndIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74BBFE10-2CB5-446D-9D83-E5C39F6F47C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "273742B5-559F-4BC5-994E-D559D4008108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2A0ACB-2E9C-4639-8C9B-4F0004C8DF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8A468C2-55F1-4C6C-A547-D7E5B68EABC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C93B210-E664-447B-8859-0432CE8D4F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8F8721A-3968-438A-967D-B8B911F73CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CE1A4A77-DC7F-4C97-A7FC-5BF7E73D5DB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:phonegap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE71EC19-A23D-45B1-984B-DDD27A3DF2F8",
"versionEndIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B05BE6-D8DA-40C8-BA86-67B1FD906975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C57DD500-22A7-4209-AEF7-DC8930F1BDD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16EC33AF-5D22-418D-8604-EB549A197209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8124E0-6A2F-493E-875E-1D0E613A366B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D6D5BDFF-A635-45D6-A346-754BFACD00A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0A0B3637-4927-47AD-87A0-EE411C12EE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6451A3E-BEB0-4EE0-AD88-8CE3E048CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EBEEDD73-74C5-4299-8509-324A829623D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0BC85762-A07D-4C44-8458-08FC2F717462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C19E85E-6E96-4F24-8A10-393B9DB1770F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA489695-A354-4921-903F-65AD650BCB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B534832-D498-4881-AC3D-342FE50FC405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4C20AC3F-8A9D-4450-AB38-2FC4A19605F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7121F63A-3A8E-458F-87F2-DFA5A16802AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC93C958-7FBC-427E-89E4-C84B97471EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F81B0017-2BF3-4315-BFF5-B7CD5DF98A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7535E5BD-A4F0-45B9-BA79-8FE2783A58D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDC0304-7948-41DF-A330-1773E3B6336B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "695CDE63-FDA3-4EDC-8D1E-D8921CCD3B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F500CA59-28E5-4EC0-B698-2A26DD4BCC46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization."
},
{
"lang": "es",
"value": "Apache Cordova 3.3.0 y anteriores y Adobe PhoneGap 2.9.0 y anteriores permiten a atacantes remotos evadir restricciones \"device-resource\" de un puente basado en eventos a trav\u00e9s de un clon de librar\u00eda manipulada que aprovecha la ejecuci\u00f3n de script IFRAME y espera una cierta cantidad de tiempo para un valor de vuelta del manejador OnJsPrompt como alternativa a la sincronizaci\u00f3n correcta."
}
],
"id": "CVE-2014-1881",
"lastModified": "2024-11-21T02:05:11.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-03T04:50:46.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-01 21:29
Modified
2024-11-21 03:24
Severity ?
Summary
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.securityfocus.com/bid/95838 | Third Party Advisory, VDB Entry | |
| security@apache.org | https://cordova.apache.org/announcements/2017/01/27/android-612.html | Mitigation, Vendor Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpuapr2020.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95838 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cordova.apache.org/announcements/2017/01/27/android-612.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*",
"matchCriteriaId": "022BC79F-AC22-41B8-B6AF-BC027E8F38D1",
"versionEndExcluding": "6.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip"
},
{
"lang": "es",
"value": "Despu\u00e9s de a\u00f1adir la plataforma Android a Cordova por primera vez o despu\u00e9s de crear un proyecto utilizando los build scripts, los scripts recuperar\u00e1n Gradle en su primera build. Sin embargo, dado que la URI por defecto no utiliza https, es vulnerable a MiTM y el ejecutable Gradle no es seguro. La criticidad de esta vulnerabilidad es alta dado que los build scripts empiezan inmediatamente una build despu\u00e9s de que se recupere Gradle. Los desarrolladores que sean conscientes de este problema deber\u00edan instalar la versi\u00f3n 6.1.2 o superior de Cordova-Android. Si los desarrolladores no pueden instalar la \u00faltima versi\u00f3n, esta vulnerabilidad se puede mitigar f\u00e1cilmente configurando la variable de entorno CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL en https://services.gradle.org/distributions/gradle-2.14.1-all.zip."
}
],
"id": "CVE-2017-3160",
"lastModified": "2024-11-21T03:24:57.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-01T21:29:00.197",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95838"
},
{
"source": "security@apache.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2017/01/27/android-612.html"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cordova.apache.org/announcements/2017/01/27/android-612.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-03 04:50
Modified
2024-11-21 02:05
Severity ?
Summary
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | phonegap | * | |
| adobe | phonegap | 2.0.0 | |
| adobe | phonegap | 2.0.0 | |
| adobe | phonegap | 2.1.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.4.0 | |
| adobe | phonegap | 2.4.0 | |
| adobe | phonegap | 2.5.0 | |
| adobe | phonegap | 2.5.0 | |
| adobe | phonegap | 2.6.0 | |
| adobe | phonegap | 2.6.0 | |
| adobe | phonegap | 2.7.0 | |
| adobe | phonegap | 2.7.0 | |
| adobe | phonegap | 2.8.0 | |
| adobe | phonegap | 2.8.1 | |
| adobe | phonegap | 2.9.0 | |
| apache | cordova | * | |
| apache | cordova | 3.0.0 | |
| apache | cordova | 3.0.0 | |
| apache | cordova | 3.1.0 | |
| apache | cordova | 3.1.0 | |
| apache | cordova | 3.2.0 | |
| apache | cordova | 3.2.0 | |
| apache | cordova | 3.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:phonegap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE71EC19-A23D-45B1-984B-DDD27A3DF2F8",
"versionEndIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B05BE6-D8DA-40C8-BA86-67B1FD906975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C57DD500-22A7-4209-AEF7-DC8930F1BDD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16EC33AF-5D22-418D-8604-EB549A197209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8124E0-6A2F-493E-875E-1D0E613A366B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D6D5BDFF-A635-45D6-A346-754BFACD00A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0A0B3637-4927-47AD-87A0-EE411C12EE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6451A3E-BEB0-4EE0-AD88-8CE3E048CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EBEEDD73-74C5-4299-8509-324A829623D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0BC85762-A07D-4C44-8458-08FC2F717462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C19E85E-6E96-4F24-8A10-393B9DB1770F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA489695-A354-4921-903F-65AD650BCB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B534832-D498-4881-AC3D-342FE50FC405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4C20AC3F-8A9D-4450-AB38-2FC4A19605F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7121F63A-3A8E-458F-87F2-DFA5A16802AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC93C958-7FBC-427E-89E4-C84B97471EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F81B0017-2BF3-4315-BFF5-B7CD5DF98A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7535E5BD-A4F0-45B9-BA79-8FE2783A58D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDC0304-7948-41DF-A330-1773E3B6336B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "695CDE63-FDA3-4EDC-8D1E-D8921CCD3B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F500CA59-28E5-4EC0-B698-2A26DD4BCC46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A5703F-E43E-4F18-AC7B-534761942DCC",
"versionEndIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74BBFE10-2CB5-446D-9D83-E5C39F6F47C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "273742B5-559F-4BC5-994E-D559D4008108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2A0ACB-2E9C-4639-8C9B-4F0004C8DF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8A468C2-55F1-4C6C-A547-D7E5B68EABC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C93B210-E664-447B-8859-0432CE8D4F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8F8721A-3968-438A-967D-B8B911F73CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CE1A4A77-DC7F-4C97-A7FC-5BF7E73D5DB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls."
},
{
"lang": "es",
"value": "Apache Cordova 3.3.0 y anteriores y Adobe PhoneGap 2.9.0 y anteriores permiten a atacantes remotos evadir restricciones \"device-resource\" de un puente basado en eventos a trav\u00e9s de un clon de librer\u00eda manipulada que aprovecha la ejecuci\u00f3n de script IFRAME y acceda directamente objetos JavaScript puente, tal y como se demostr\u00f3 con ciertas llamadas cordova.require."
}
],
"id": "CVE-2014-1882",
"lastModified": "2024-11-21T02:05:12.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-03T04:50:46.283",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"source": "cve@mitre.org",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-09 15:29
Modified
2024-11-21 02:56
Severity ?
Summary
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*",
"matchCriteriaId": "C5AF4A21-17E3-492A-BEA9-73C891342BAD",
"versionEndIncluding": "5.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications."
},
{
"lang": "es",
"value": "Producto: Apache Cordova Android versiones 5.2.2 y anteriores. La aplicaci\u00f3n llama a los m\u00e9todos de la clase Log. Los mensajes pasados hacia estos m\u00e9todos (Log.v(), Log.d(), Log.i(), Log.w(), y Log.e()) son almacenados en una serie de b\u00faferes circulares en el dispositivo. Por defecto, se guardan un m\u00e1ximo de cuatro registros rotatorios de 16 KB adem\u00e1s del registro actual. Los datos registrados pueden ser le\u00eddos con Logcat en el dispositivo. Cuando se usan plataformas anteriores a Android versi\u00f3n 4.1 (Jelly Bean), los datos de registro no son procesados por un sandbox por aplicaci\u00f3n; cualquier aplicaci\u00f3n instalada en el dispositivo tiene la capacidad de leer los datos registrados mediante otras aplicaciones."
}
],
"id": "CVE-2016-6799",
"lastModified": "2024-11-21T02:56:51.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-09T15:29:00.203",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98365"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69%40%3Cdev.cordova.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69%40%3Cdev.cordova.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-03 04:50
Modified
2024-11-21 01:46
Severity ?
Summary
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cordova | * | |
| apache | cordova | 3.0.0 | |
| apache | cordova | 3.0.0 | |
| apache | cordova | 3.1.0 | |
| apache | cordova | 3.1.0 | |
| apache | cordova | 3.2.0 | |
| apache | cordova | 3.2.0 | |
| apache | cordova | 3.3.0 | |
| adobe | phonegap | * | |
| adobe | phonegap | 2.0.0 | |
| adobe | phonegap | 2.0.0 | |
| adobe | phonegap | 2.1.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.2.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.3.0 | |
| adobe | phonegap | 2.4.0 | |
| adobe | phonegap | 2.4.0 | |
| adobe | phonegap | 2.5.0 | |
| adobe | phonegap | 2.5.0 | |
| adobe | phonegap | 2.6.0 | |
| adobe | phonegap | 2.6.0 | |
| adobe | phonegap | 2.7.0 | |
| adobe | phonegap | 2.7.0 | |
| adobe | phonegap | 2.8.0 | |
| adobe | phonegap | 2.8.1 | |
| adobe | phonegap | 2.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A5703F-E43E-4F18-AC7B-534761942DCC",
"versionEndIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74BBFE10-2CB5-446D-9D83-E5C39F6F47C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "273742B5-559F-4BC5-994E-D559D4008108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2A0ACB-2E9C-4639-8C9B-4F0004C8DF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F8A468C2-55F1-4C6C-A547-D7E5B68EABC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C93B210-E664-447B-8859-0432CE8D4F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8F8721A-3968-438A-967D-B8B911F73CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cordova:3.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CE1A4A77-DC7F-4C97-A7FC-5BF7E73D5DB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:phonegap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE71EC19-A23D-45B1-984B-DDD27A3DF2F8",
"versionEndIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B05BE6-D8DA-40C8-BA86-67B1FD906975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C57DD500-22A7-4209-AEF7-DC8930F1BDD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16EC33AF-5D22-418D-8604-EB549A197209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8124E0-6A2F-493E-875E-1D0E613A366B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D6D5BDFF-A635-45D6-A346-754BFACD00A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0A0B3637-4927-47AD-87A0-EE411C12EE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6451A3E-BEB0-4EE0-AD88-8CE3E048CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EBEEDD73-74C5-4299-8509-324A829623D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0BC85762-A07D-4C44-8458-08FC2F717462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C19E85E-6E96-4F24-8A10-393B9DB1770F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA489695-A354-4921-903F-65AD650BCB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B534832-D498-4881-AC3D-342FE50FC405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4C20AC3F-8A9D-4450-AB38-2FC4A19605F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7121F63A-3A8E-458F-87F2-DFA5A16802AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DC93C958-7FBC-427E-89E4-C84B97471EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F81B0017-2BF3-4315-BFF5-B7CD5DF98A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7535E5BD-A4F0-45B9-BA79-8FE2783A58D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDC0304-7948-41DF-A330-1773E3B6336B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "695CDE63-FDA3-4EDC-8D1E-D8921CCD3B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:phonegap:2.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F500CA59-28E5-4EC0-B698-2A26DD4BCC46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring."
},
{
"lang": "es",
"value": "Apache Cordova 3.3.0 y anteriores y Adobe PhoneGap 2.9.0 y anteriores no identifican las expresiones regulares del final de un nombre de dominio, lo que permite a atacantes remotos evadir un mecanismo de protecci\u00f3n de lista blanca a trav\u00e9s de un nombre de dominio que contiene un nombre aceptable como subcadena inicial."
}
],
"id": "CVE-2012-6637",
"lastModified": "2024-11-21T01:46:34.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-03T04:50:46.203",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.mwrinfosecurity.com/blog/2012/04/30/building-android-javajavascript-bridges/"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.mwrinfosecurity.com/blog/2012/04/30/building-android-javajavascript-bridges/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2014-1884
Vulnerability from cvelistv5
Published
2014-03-03 02:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf | x_refsource_MISC | |
| http://www.internetsociety.org/ndss2014/programme#session3 | x_refsource_MISC | |
| http://seclists.org/bugtraq/2014/Jan/96 | mailing-list, x_refsource_BUGTRAQ | |
| http://openwall.com/lists/oss-security/2014/02/07/9 | mailing-list, x_refsource_MLIST | |
| http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:14.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-03T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"name": "http://www.internetsociety.org/ndss2014/programme#session3",
"refsource": "MISC",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"name": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1884",
"datePublished": "2014-03-03T02:00:00",
"dateReserved": "2014-02-07T00:00:00",
"dateUpdated": "2024-08-06T09:58:14.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0072
Vulnerability from cvelistv5
Published
2017-10-30 19:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/531335/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://github.com/apache/cordova-plugin-file-transfer/commit/a1d6fc07e8a40c1b2b16f4103c403b30e1089668 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2014/Mar/29 | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91561 | vdb-entry, x_refsource_XF | |
| http://d3adend.org/blog/?p=403 | x_refsource_MISC | |
| https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXKL9JtkehHC0jEoRwdvVKXt-d5uj40EwNY-Gk3ttX=wJw%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531335/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/apache/cordova-plugin-file-transfer/commit/a1d6fc07e8a40c1b2b16f4103c403b30e1089668"
},
{
"name": "20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/29"
},
{
"name": "apache-cordova-cve20140072-weak-security(91561)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91561"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://d3adend.org/blog/?p=403"
},
{
"name": "[cordova-dev] 20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXKL9JtkehHC0jEoRwdvVKXt-d5uj40EwNY-Gk3ttX=wJw%40mail.gmail.com%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/531335/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apache/cordova-plugin-file-transfer/commit/a1d6fc07e8a40c1b2b16f4103c403b30e1089668"
},
{
"name": "20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/29"
},
{
"name": "apache-cordova-cve20140072-weak-security(91561)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91561"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://d3adend.org/blog/?p=403"
},
{
"name": "[cordova-dev] 20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXKL9JtkehHC0jEoRwdvVKXt-d5uj40EwNY-Gk3ttX=wJw%40mail.gmail.com%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531335/100/0/threaded"
},
{
"name": "https://github.com/apache/cordova-plugin-file-transfer/commit/a1d6fc07e8a40c1b2b16f4103c403b30e1089668",
"refsource": "CONFIRM",
"url": "https://github.com/apache/cordova-plugin-file-transfer/commit/a1d6fc07e8a40c1b2b16f4103c403b30e1089668"
},
{
"name": "20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/29"
},
{
"name": "apache-cordova-cve20140072-weak-security(91561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91561"
},
{
"name": "http://d3adend.org/blog/?p=403",
"refsource": "MISC",
"url": "http://d3adend.org/blog/?p=403"
},
{
"name": "[cordova-dev] 20140304 [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults",
"refsource": "MLIST",
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXKL9JtkehHC0jEoRwdvVKXt-d5uj40EwNY-Gk3ttX=wJw@mail.gmail.com%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0072",
"datePublished": "2017-10-30T19:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3501
Vulnerability from cvelistv5
Published
2014-11-15 21:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/69041 | vdb-entry, x_refsource_BID | |
| http://cordova.apache.org/announcements/2014/08/04/android-351.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69041",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "69041",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69041"
},
{
"name": "http://cordova.apache.org/announcements/2014/08/04/android-351.html",
"refsource": "CONFIRM",
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3501",
"datePublished": "2014-11-15T21:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3500
Vulnerability from cvelistv5
Published
2014-11-15 21:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://cordova.apache.org/announcements/2014/08/04/android-351.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/69038 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"name": "69038",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"name": "69038",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69038"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cordova.apache.org/announcements/2014/08/04/android-351.html",
"refsource": "CONFIRM",
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"name": "69038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69038"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3500",
"datePublished": "2014-11-15T21:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6799
Vulnerability from cvelistv5
Published
2017-05-09 15:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98365 | vdb-entry, x_refsource_BID | |
| https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69%40%3Cdev.cordova.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Cordova Android |
Version: 5.2.2 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98365"
},
{
"name": "[dev] 20170509 CVE-2016-6799: Internal system information leak",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69%40%3Cdev.cordova.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Cordova Android",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "5.2.2 and earlier"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "98365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98365"
},
{
"name": "[dev] 20170509 CVE-2016-6799: Internal system information leak",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69%40%3Cdev.cordova.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-6799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cordova Android",
"version": {
"version_data": [
{
"version_value": "5.2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98365"
},
{
"name": "[dev] 20170509 CVE-2016-6799: Internal system information leak",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69@%3Cdev.cordova.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-6799",
"datePublished": "2017-05-09T15:00:00",
"dateReserved": "2016-08-12T00:00:00",
"dateUpdated": "2024-08-06T01:43:37.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1881
Vulnerability from cvelistv5
Published
2014-03-03 02:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf | x_refsource_MISC | |
| http://www.internetsociety.org/ndss2014/programme#session3 | x_refsource_MISC | |
| http://seclists.org/bugtraq/2014/Jan/96 | mailing-list, x_refsource_BUGTRAQ | |
| http://openwall.com/lists/oss-security/2014/02/07/9 | mailing-list, x_refsource_MLIST | |
| http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-03T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"name": "http://www.internetsociety.org/ndss2014/programme#session3",
"refsource": "MISC",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"name": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1881",
"datePublished": "2014-03-03T02:00:00",
"dateReserved": "2014-02-07T00:00:00",
"dateUpdated": "2024-08-06T09:58:15.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11990
Vulnerability from cvelistv5
Published
2020-12-01 16:46
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN59779918/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Apache Cordova ( cordova-plugin-camera ) |
Version: cordova-plugin-camera@4.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html"
},
{
"name": "JVN#59779918",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN59779918/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Cordova ( cordova-plugin-camera )",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "cordova-plugin-camera@4.1.0 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T04:06:05",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html"
},
{
"name": "JVN#59779918",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN59779918/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-11990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cordova ( cordova-plugin-camera )",
"version": {
"version_data": [
{
"version_value": "cordova-plugin-camera@4.1.0 and below"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html",
"refsource": "MISC",
"url": "https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html"
},
{
"name": "JVN#59779918",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN59779918/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-11990",
"datePublished": "2020-12-01T16:46:08",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3160
Vulnerability from cvelistv5
Published
2018-02-01 21:00
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip
References
| ▼ | URL | Tags |
|---|---|---|
| https://cordova.apache.org/announcements/2017/01/27/android-612.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/95838 | vdb-entry, x_refsource_BID | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Cordova Android |
Version: Apache Cordova 6.1.0 and below |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cordova.apache.org/announcements/2017/01/27/android-612.html"
},
{
"name": "95838",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95838"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Cordova Android",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Cordova 6.1.0 and below"
}
]
}
],
"datePublic": "2017-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Man-in-the-Middle vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T21:06:41",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cordova.apache.org/announcements/2017/01/27/android-612.html"
},
{
"name": "95838",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95838"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-01-27T00:00:00",
"ID": "CVE-2017-3160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cordova Android",
"version": {
"version_data": [
{
"version_value": "Apache Cordova 6.1.0 and below"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Man-in-the-Middle vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cordova.apache.org/announcements/2017/01/27/android-612.html",
"refsource": "MISC",
"url": "https://cordova.apache.org/announcements/2017/01/27/android-612.html"
},
{
"name": "95838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95838"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-3160",
"datePublished": "2018-02-01T21:00:00Z",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-09-16T19:56:14.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1835
Vulnerability from cvelistv5
Published
2017-10-27 19:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74866 | vdb-entry, x_refsource_BID | |
| http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/ | x_refsource_MISC | |
| https://cordova.apache.org/announcements/2015/05/26/android-402.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74866"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cordova.apache.org/announcements/2015/05/26/android-402.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-27T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "74866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74866"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cordova.apache.org/announcements/2015/05/26/android-402.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74866"
},
{
"name": "http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/",
"refsource": "MISC",
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/"
},
{
"name": "https://cordova.apache.org/announcements/2015/05/26/android-402.html",
"refsource": "CONFIRM",
"url": "https://cordova.apache.org/announcements/2015/05/26/android-402.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1835",
"datePublished": "2017-10-27T19:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21315
Vulnerability from cvelistv5
Published
2021-02-16 17:00
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.npmjs.com/package/systeminformation | x_refsource_MISC | |
| https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v | x_refsource_CONFIRM | |
| https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525 | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210312-0007/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | sebhildebrandt | systeminformation |
Version: < 5.3.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/package/systeminformation"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525"
},
{
"name": "[cordova-issues] 20210224 [GitHub] [cordova-cli] iva2k opened a new issue #549: update systeminformation package to \u003e=5.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "systeminformation",
"vendor": "sebhildebrandt",
"versions": [
{
"status": "affected",
"version": "\u003c 5.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The System Information Library for Node.JS (npm package \"systeminformation\") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-12T12:06:35",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/systeminformation"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525"
},
{
"name": "[cordova-issues] 20210224 [GitHub] [cordova-cli] iva2k opened a new issue #549: update systeminformation package to \u003e=5.3.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05%40%3Cissues.cordova.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0007/"
}
],
"source": {
"advisory": "GHSA-2m8v-572m-ff2v",
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21315",
"STATE": "PUBLIC",
"TITLE": "Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "systeminformation",
"version": {
"version_data": [
{
"version_value": "\u003c 5.3.1"
}
]
}
}
]
},
"vendor_name": "sebhildebrandt"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System Information Library for Node.JS (npm package \"systeminformation\") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.npmjs.com/package/systeminformation",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/systeminformation"
},
{
"name": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v",
"refsource": "CONFIRM",
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-2m8v-572m-ff2v"
},
{
"name": "https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525",
"refsource": "MISC",
"url": "https://github.com/sebhildebrandt/systeminformation/commit/07daa05fb06f24f96297abaa30c2ace8bfd8b525"
},
{
"name": "[cordova-issues] 20210224 [GitHub] [cordova-cli] iva2k opened a new issue #549: update systeminformation package to \u003e=5.3.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8afea9a83ed568f2647cccc6d8d06126f9815715ddf9a4d479b26b05@%3Cissues.cordova.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210312-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210312-0007/"
}
]
},
"source": {
"advisory": "GHSA-2m8v-572m-ff2v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21315",
"datePublished": "2021-02-16T17:00:18",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0219
Vulnerability from cvelistv5
Published
2020-01-14 14:18
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/11/28/1 | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/197482d5ab80c0bff4a5ec16e1b0466df38389d9a4b5331d777f14fc%40%3Cdev.cordova.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://lists.apache.org/thread/4vtg0trdrh5203dktt4f3vkd5z2d5ndj | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:15.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20191127 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/28/1"
},
{
"name": "[cordova-dev] 20191128 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/197482d5ab80c0bff4a5ec16e1b0466df38389d9a4b5331d777f14fc%40%3Cdev.cordova.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/4vtg0trdrh5203dktt4f3vkd5z2d5ndj"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cordova",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Cordova Android applications using the InAppBrowser plugin ( cordova-plugin-inappbrowser version 3.0.0 and below )"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application\u0027s webview using a specially crafted gap-iab: URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T17:58:44",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[oss-security] 20191127 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/28/1"
},
{
"name": "[cordova-dev] 20191128 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/197482d5ab80c0bff4a5ec16e1b0466df38389d9a4b5331d777f14fc%40%3Cdev.cordova.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/4vtg0trdrh5203dktt4f3vkd5z2d5ndj"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cordova",
"version": {
"version_data": [
{
"version_value": "Cordova Android applications using the InAppBrowser plugin ( cordova-plugin-inappbrowser version 3.0.0 and below )"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application\u0027s webview using a specially crafted gap-iab: URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20191127 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/11/28/1"
},
{
"name": "[cordova-dev] 20191128 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/197482d5ab80c0bff4a5ec16e1b0466df38389d9a4b5331d777f14fc%40%3Cdev.cordova.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://lists.apache.org/thread/4vtg0trdrh5203dktt4f3vkd5z2d5ndj",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/4vtg0trdrh5203dktt4f3vkd5z2d5ndj"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-0219",
"datePublished": "2020-01-14T14:18:22",
"dateReserved": "2018-11-14T00:00:00",
"dateUpdated": "2024-08-04T17:44:15.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5208
Vulnerability from cvelistv5
Published
2016-05-09 20:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cordova.apache.org/announcements/2016/04/27/security.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN41772178/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000059.html | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/88797 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/136839/Apache-Cordova-iOS-3.9.1-Arbitrary-Plugin-Execution.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/538210/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
},
{
"name": "JVN#41772178",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN41772178/index.html"
},
{
"name": "JVNDB-2016-000059",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000059.html"
},
{
"name": "88797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88797"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136839/Apache-Cordova-iOS-3.9.1-Arbitrary-Plugin-Execution.html"
},
{
"name": "20160427 CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538210/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
},
{
"name": "JVN#41772178",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN41772178/index.html"
},
{
"name": "JVNDB-2016-000059",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000059.html"
},
{
"name": "88797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88797"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136839/Apache-Cordova-iOS-3.9.1-Arbitrary-Plugin-Execution.html"
},
{
"name": "20160427 CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538210/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cordova.apache.org/announcements/2016/04/27/security.html",
"refsource": "CONFIRM",
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
},
{
"name": "JVN#41772178",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN41772178/index.html"
},
{
"name": "JVNDB-2016-000059",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000059.html"
},
{
"name": "88797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88797"
},
{
"name": "http://packetstormsecurity.com/files/136839/Apache-Cordova-iOS-3.9.1-Arbitrary-Plugin-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136839/Apache-Cordova-iOS-3.9.1-Arbitrary-Plugin-Execution.html"
},
{
"name": "20160427 CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538210/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5208",
"datePublished": "2016-05-09T20:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1882
Vulnerability from cvelistv5
Published
2014-03-03 02:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf | x_refsource_MISC | |
| http://www.internetsociety.org/ndss2014/programme#session3 | x_refsource_MISC | |
| http://seclists.org/bugtraq/2014/Jan/96 | mailing-list, x_refsource_BUGTRAQ | |
| http://openwall.com/lists/oss-security/2014/02/07/9 | mailing-list, x_refsource_MLIST | |
| http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:14.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-03T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"name": "http://www.internetsociety.org/ndss2014/programme#session3",
"refsource": "MISC",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"name": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1882",
"datePublished": "2014-03-03T02:00:00",
"dateReserved": "2014-02-07T00:00:00",
"dateUpdated": "2024-08-06T09:58:14.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5256
Vulnerability from cvelistv5
Published
2015-11-23 11:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/536944/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/134497/Apache-Cordova-3.7.2-Whitelist-Failure.html | x_refsource_MISC | |
| http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000187.html | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/77677 | vdb-entry, x_refsource_BID | |
| https://cordova.apache.org/announcements/2015/11/20/security.html | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN18889193/index.html | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20151120 Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536944/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134497/Apache-Cordova-3.7.2-Whitelist-Failure.html"
},
{
"name": "JVNDB-2015-000187",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000187.html"
},
{
"name": "77677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77677"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
},
{
"name": "JVN#18889193",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN18889193/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20151120 Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536944/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134497/Apache-Cordova-3.7.2-Whitelist-Failure.html"
},
{
"name": "JVNDB-2015-000187",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000187.html"
},
{
"name": "77677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77677"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
},
{
"name": "JVN#18889193",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN18889193/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151120 Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536944/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/134497/Apache-Cordova-3.7.2-Whitelist-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134497/Apache-Cordova-3.7.2-Whitelist-Failure.html"
},
{
"name": "JVNDB-2015-000187",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000187.html"
},
{
"name": "77677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77677"
},
{
"name": "https://cordova.apache.org/announcements/2015/11/20/security.html",
"refsource": "CONFIRM",
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
},
{
"name": "JVN#18889193",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18889193/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5256",
"datePublished": "2015-11-23T11:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3502
Vulnerability from cvelistv5
Published
2014-11-15 21:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/69046 | vdb-entry, x_refsource_BID | |
| http://cordova.apache.org/announcements/2014/08/04/android-351.html | x_refsource_CONFIRM | |
| http://cordova.apache.org/announcements/2014/08/06/android-351-update.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69046"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "69046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69046"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69046"
},
{
"name": "http://cordova.apache.org/announcements/2014/08/04/android-351.html",
"refsource": "CONFIRM",
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"name": "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html",
"refsource": "CONFIRM",
"url": "http://cordova.apache.org/announcements/2014/08/06/android-351-update.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3502",
"datePublished": "2014-11-15T21:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0073
Vulnerability from cvelistv5
Published
2017-10-30 19:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/531334/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/65959 | vdb-entry, x_refsource_BID | |
| http://d3adend.org/blog/?p=403 | x_refsource_MISC | |
| https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST | |
| https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91560 | vdb-entry, x_refsource_XF | |
| http://seclists.org/fulldisclosure/2014/Mar/30 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:37.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531334/100/0/threaded"
},
{
"name": "65959",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65959"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://d3adend.org/blog/?p=403"
},
{
"name": "[cordova-dev] 20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55"
},
{
"name": "apache-cordova-cve20140073-priv-esc(91560)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91560"
},
{
"name": "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/531334/100/0/threaded"
},
{
"name": "65959",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65959"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://d3adend.org/blog/?p=403"
},
{
"name": "[cordova-dev] 20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw%40mail.gmail.com%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55"
},
{
"name": "apache-cordova-cve20140073-priv-esc(91560)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91560"
},
{
"name": "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531334/100/0/threaded"
},
{
"name": "65959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65959"
},
{
"name": "http://d3adend.org/blog/?p=403",
"refsource": "MISC",
"url": "http://d3adend.org/blog/?p=403"
},
{
"name": "[cordova-dev] 20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"refsource": "MLIST",
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw@mail.gmail.com%3E"
},
{
"name": "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55",
"refsource": "CONFIRM",
"url": "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55"
},
{
"name": "apache-cordova-cve20140073-priv-esc(91560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91560"
},
{
"name": "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0073",
"datePublished": "2017-10-30T19:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:37.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5207
Vulnerability from cvelistv5
Published
2016-05-09 20:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html | x_refsource_MISC | |
| https://cordova.apache.org/announcements/2016/04/27/security.html | x_refsource_CONFIRM | |
| http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/archive/1/538211/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/88764 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN35341085/index.html | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
},
{
"name": "JVNDB-2016-000058",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html"
},
{
"name": "20160427 CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538211/100/0/threaded"
},
{
"name": "88764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88764"
},
{
"name": "JVN#35341085",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN35341085/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
},
{
"name": "JVNDB-2016-000058",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html"
},
{
"name": "20160427 CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538211/100/0/threaded"
},
{
"name": "88764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88764"
},
{
"name": "JVN#35341085",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN35341085/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html"
},
{
"name": "https://cordova.apache.org/announcements/2016/04/27/security.html",
"refsource": "CONFIRM",
"url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
},
{
"name": "JVNDB-2016-000058",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html"
},
{
"name": "20160427 CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538211/100/0/threaded"
},
{
"name": "88764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88764"
},
{
"name": "JVN#35341085",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN35341085/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5207",
"datePublished": "2016-05-09T20:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8320
Vulnerability from cvelistv5
Published
2015-11-23 11:00
Modified
2024-08-06 08:13
Severity ?
EPSS score ?
Summary
Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/77679 | vdb-entry, x_refsource_BID | |
| https://cordova.apache.org/announcements/2015/11/20/security.html | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/134496/Apache-Cordova-Android-3.6.4-BridgeSecret-Weak-Randomization.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/536945/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77679"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134496/Apache-Cordova-Android-3.6.4-BridgeSecret-Weak-Randomization.html"
},
{
"name": "20151120 Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536945/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "77679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77679"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134496/Apache-Cordova-Android-3.6.4-BridgeSecret-Weak-Randomization.html"
},
{
"name": "20151120 Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536945/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-8320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77679"
},
{
"name": "https://cordova.apache.org/announcements/2015/11/20/security.html",
"refsource": "CONFIRM",
"url": "https://cordova.apache.org/announcements/2015/11/20/security.html"
},
{
"name": "http://packetstormsecurity.com/files/134496/Apache-Cordova-Android-3.6.4-BridgeSecret-Weak-Randomization.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134496/Apache-Cordova-Android-3.6.4-BridgeSecret-Weak-Randomization.html"
},
{
"name": "20151120 Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536945/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8320",
"datePublished": "2015-11-23T11:00:00",
"dateReserved": "2015-11-22T00:00:00",
"dateUpdated": "2024-08-06T08:13:32.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6637
Vulnerability from cvelistv5
Published
2014-03-03 02:00
Modified
2024-08-06 21:36
Severity ?
EPSS score ?
Summary
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf | x_refsource_MISC | |
| http://www.internetsociety.org/ndss2014/programme#session3 | x_refsource_MISC | |
| http://seclists.org/bugtraq/2014/Jan/96 | mailing-list, x_refsource_BUGTRAQ | |
| http://labs.mwrinfosecurity.com/blog/2012/04/30/building-android-javajavascript-bridges/ | x_refsource_MISC | |
| http://openwall.com/lists/oss-security/2014/02/07/9 | mailing-list, x_refsource_MLIST | |
| http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.mwrinfosecurity.com/blog/2012/04/30/building-android-javajavascript-bridges/"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-03T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.mwrinfosecurity.com/blog/2012/04/30/building-android-javajavascript-bridges/"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"name": "http://www.internetsociety.org/ndss2014/programme#session3",
"refsource": "MISC",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "http://labs.mwrinfosecurity.com/blog/2012/04/30/building-android-javajavascript-bridges/",
"refsource": "MISC",
"url": "http://labs.mwrinfosecurity.com/blog/2012/04/30/building-android-javajavascript-bridges/"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"name": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6637",
"datePublished": "2014-03-03T02:00:00",
"dateReserved": "2014-02-07T00:00:00",
"dateUpdated": "2024-08-06T21:36:01.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201411-0060
Vulnerability from variot
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Apache Cordova for Android versions 3.5.0 and prior are vulnerable. These issues may be exploited to cause a denial of services in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
Original release date: February 21, 2003 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file. Other systems making use of SIP may also be vulnerable but were not specifically tested. Not all SIP implementations are affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from VU#528719. These vulnerabilities may allow an attacker to gain unauthorized privileged access, cause denial-of-service attacks, or cause unstable system behavior. If your site uses SIP-enabled products in any capacity, the CERT/CC encourages you to read this advisory and follow the advice provided in the Solution section below.
I. SIP is a text-based protocol for initiating communication and data sessions between users.
The Oulu University Secure Programming Group (OUSPG) previously conducted research into vulnerabilities in LDAP, culminating in CERT Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03.
OUSPG's most recent research focused on a subset of SIP related to the INVITE message, which SIP agents and proxies are required to accept in order to set up sessions. Note that "throttling" is an expected behavior.
Specifications for the Session Initiation Protocol are available in RFC3261:
http://www.ietf.org/rfc/rfc3261.txt
OUSPG has established the following site with detailed documentation regarding SIP and the implementation test results from the test suite:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
The IETF Charter page for SIP is available at
http://www.ietf.org/html.charters/sip-charter.html
II. Impact
Exploitation of these vulnerabilities may result in denial-of-service conditions, service interruptions, and in some cases may allow an attacker to gain unauthorized access to the affected device. Specific impacts will vary from product to product.
III. Solution
Many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this
advisory. Please consult this appendix and VU#528719 to determine
if your product is vulnerable. If a statement is unavailable, you
may need to contact your vendor directly.
Disable the SIP-enabled devices and services
As a general rule, the CERT/CC recommends disabling any service or
capability that is not explicitly required. Some of the affected
products may rely on SIP to be functional. You should carefully
consider the impact of blocking services that you may be using.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of
these vulnerabilities by blocking access to SIP devices and
services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a
network under your administrative control. Servers are typically
the only machines that need to accept inbound traffic from the
public Internet. Note that most SIP User Agents (including IP
phones or "clien"t software) consist of a User Agent Client and a
User Agent Server. In the network usage policy of many sites, there
are few reasons for external hosts to initiate inbound traffic to
machines that provide no public services. Thus, ingress filtering
should be performed at the border to prohibit externally initiated
inbound traffic to non-authorized services.
Please note that this workaround may not protect vulnerable devices
from internal attacks.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network
under your administrative control. There is typically limited need
for machines providing public services to initiate outbound traffic
to the Internet. In the case of the SIP vulnerabilities, employing
egress filtering on the ports listed above at your network border
may prevent your network from being used as a source for attacks on
other sites.
Block SIP requests directed to broadcast addresses at your router.
Since SIP requests can be transmitted via UDP, broadcast attacks
are possible. One solution to prevent your site from being used as
an intermediary in an attack is to block SIP requests directed to
broadcast addresses at your router.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
America Online Inc
Not vulnerable.
Apple Computer Inc.
There are currently no applications shipped by Apple with Mac OS X
or Mac OS X Server which make use of the Session Initiation
Protocol.
Borderware
No BorderWare products make use of SIP and thus no BorderWare
products are affected by this vulnerability.
We would however like to extend our thanks to the OUSPG for their
work as well as for the responsible manner in which they handle
their discoveries. Their detailed reports and test suites are
certainly well-received.
We would also like to reiterate the fact that SIP has yet to
mature, protocol-wise as well as implementation-wise. We do not
recommend that our customers set up SIP relays in parallel to our
firewall products to pass SIP-based applications in or out of
networks where security is a concern of note.
F5 Networks
F5 Networks does not have a SIP server product, and is therefore
not affected by this vulnerability.
Fujitsu
With regards to VU#528719, Fujitsu's UXP/V o.s. is not vulnerable
because the relevant function is not supported under UXP/V.
IBM
SIP is not implemented as part of the AIX operating system.
IP Filter
IPFilter does not do any SIP specific protocol handling and is
therefore not affected by the issues mentioned in the paper cited.
IPTel
All versions of SIP Express Router up to 0.8.9 are sadly vulnerable
to the OUSPG test suite. We strongly advice to upgrade to version
0.8.10. Please also apply the patch to version 0.8.10 from
http://www.iptel.org/ser/security/
before installation and keep on watching this site in the future.
We apologize to our users for the trouble.
Hewlett-Packard Company
Source:
Hewlett-Packard Company
Software Security Response Team
cross reference id: SSRT2402
HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send
an E-mail message to: mailto:security-alert@hp.com
Lucent
No Lucent products are known to be affected by this vulnerability,
however we are still researching the issue and will update this
statement as needed.
Microsoft Corporation
Microsoft has investigated these issues. The Microsoft SIP client
implementation is not affected.
NEC Corporation
===================================================================
NEC vendor statement for VU#528719
===================================================================
sent on February 13, 2002
Server Products
* EWS/UP 48 Series operating system
* - is NOT vulnerable, because it does not support SIP.
Router Products
* IX 1000 / 2000 / 5000 Series
* - is NOT vulnerable, because it does not support SIP.
Other Network products
* We continue to check our products which support SIP protocol.
===================================================================
NETBSD
NetBSD does not ship any implementation of SIP.
NETfilter.org
As the linux 2.4/2.5 netfilter implementation currently doesn't
support connection tracking or NAT for the SIP protocol suite, we
are not vulnerable to this bug.
NetScreen
NetScreen is not vulnerable to this issue.
Network Appliance
NetApp products are not affected by this vulnerability.
Nokia
Nokia IP Security Platforms based on IPSO, Nokis Small Office
Solution platforms, Nokia VPN products and Nokia Message Protector
platform do not initiate or terminate SIP based sessions. The
mentioned Nokia products are not susceptible to this vulnerability
Nortel Networks
Nortel Networks is cooperating to the fullest extent with the CERT
Coordination Center. All Nortel Networks products that use Session
Initiation Protocol SIP) have been tested and all generally
available products, with the following exceptions, have passed the
test suite:
Succession Communication Server 2000 and Succession Communication
Server 2000 - Compact are impacted by the test suite only in
configurations where SIP-T has been provisioned within the
Communication Server; a software patch is expected to be available
by the end of February.
For further information about Nortel Networks products please
contact Nortel Networks Global Network Support.
North America: 1-800-4-NORTEL, or (1-800-466-7835)
Europe, Middle East & Africa: 00800 8008 9009, or +44 (0) 870 907
9009
Contacts for other regions available at the Global Contact
<http://www.nortelnetworks.com/help/contact/global/> web page.
Novell
Novell has no products implementing SIP.
Secure Computing Corporation
Neither Sidewinder nor Gauntlet implements SIP, so we do not need
to be on the vendor list for this vulnerability.
SecureWorx
We hereby attest that SecureWorx Basilisk Gateway Security product
suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the
Session Initiation Protocol (SIP) Vulnerability VU#528719 as
described in the OUSPG announcement (OUSPG#0106) received on Fri, 8
Nov 2002 10:17:11 -0500.
Stonesoft
Stonesoft's StoneGate high availability firewall and VPN product
does not contain any code that handles SIP protocol. No versions of
StoneGate are vulnerable.
Symantec
Symantec Corporation products are not vulnerable to this issue.
Xerox
Xerox is aware of this vulnerability and is currently assessing all
products. This statement will be updated as new information becomes
available.
Appendix B. - References
1. http://www.ee.oulu.fi/research/ouspg/protos/
2. http://www.kb.cert.org/vuls/id/528719
3. http://www.cert.org/tech_tips/denial_of_service.html
4. http://www.ietf.org/html.charters/sip-charter.html
5. RFC3261 - SIP: Session Initiation Protocol
6. RFC2327 - SDP: Session Description Protocol
7. RFC2279 - UTF-8, a transformation format of ISO 10646
8. Session Initiation Protocol Basic Call Flow Examples
9. We would also like to acknowledge the
"RedSkins" project of "MediaTeam Oulu" for their support of this research.
Feedback on this document can be directed to the authors, Jason A. Rafail and Ian A. Finlay.
This document is available from: http://www.cert.org/advisories/CA-2003-06.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History Feb 21, 2003: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG IXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ 17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O Eisa8/wivlM= =p961 -----END PGP SIGNATURE----- . Android Platform Release: 04 Aug 2014
Security issues were discovered in the Android platform of Cordova. Other Cordova platforms such as iOS are unaffected, and do not have an update.
The security issues are CVE-2014-3500, CVE-2014-3501, and CVE-2014-3502.
For your convenience, the text of these CVEs is included here.
A blog post is available at http://cordova.apache.org/#news
CVE-2014-3500: Cordova cross-application scripting via Android intent URLs
Severity: High
Vendor: The Apache Software Foundation
Versions Affected: Cordova Android versions up to 3.5.0
Description: Android applications built with the Cordova framework can be launched through a special intent URL. A specially-crafted URL could cause the Cordova-based application to start up with a different start page than the developer intended, including other HTML content stored on the Android device. This has been the case in all released versions of Cordova up to 3.5.0, and has been fixed in the latest release (3.5.1). We recommend affected projects update their applications to the latest release.
Upgrade path: Developers who are concerned about this should rebuild their applications with Cordova Android 3.5.1.
Credit: This issue was discovered by David Kaplan and Roee Hay of IBM Security Systems.
CVE-2014-3501: Cordova whitelist bypass for non-HTTP URLs
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: All released Cordova Android versions
Description: Android applications built with the Cordova framework use a WebView component to display content. Cordova applications can specify a whitelist of URLs which the application will be allowed to display, or to communicate with via XMLHttpRequest. This whitelist, however, is not used by the WebView component when it is directed via JavaScript to communicate over non-http channels.
It is possible to mitigate this attack vector by adding a CSP meta tag to all HTML pages in the application, to allow connections only to trusted sources. App developers should also upgrade to Cordova Android 3.5.1, to reduce the risk of XAS attacks against their applications, which could then use this mechanism to reach unintended servers. See CVE-2014-3500 for more information on a possible XAS vulnerability.
Upgrade path: Developers who are concerned about this should rebuild their applications with Cordova Android 3.5.1, and consider adding CSP meta tags to their application HTML.
Credit: This issue was discovered by David Kaplan and Roee Hay of IBM Security Systems.
CVE-2014-3502: Cordova apps can potentially leak data to other apps via Android intent URLs
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Cordova Android versions up to 3.5.0
Description: Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network.
The latest release of Cordova Android takes steps to block explicit Android intent urls, so that they can no longer be used to start arbitrary applications on the device.
Upgrade path: Developers who are concerned about this should rebuild their applications with Cordova Android 3.5.1.
Credit: This issue was discovered by David Kaplan and Roee Hay of IBM Security Systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cordova",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "3.5.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cirpack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "columbia sip user agent sipc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dynamicsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iptel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediatrix telecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pingtel",
"version": null
},
{
"model": "cordova",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "android 3.5.1"
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "ne",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.6"
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "appengine",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "ne",
"trust": 0.3,
"vendor": "columbia",
"version": "2.0"
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.9"
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.3-1"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(9)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "osip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.5"
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.4"
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "ios 12.2 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession communication server compact",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "2000-"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.0"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1-1"
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.2xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "university sipc",
"scope": "eq",
"trust": 0.3,
"vendor": "columbia",
"version": "1.74"
},
{
"model": "osip",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.9.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.5"
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.1"
},
{
"model": "c++ sip user agent",
"scope": null,
"trust": 0.3,
"vendor": "dymanicsoft",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "5.0"
},
{
"model": "sip express router",
"scope": "ne",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"model": "java sip user agent",
"scope": "eq",
"trust": 0.3,
"vendor": "dymanicsoft",
"version": "6.0"
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "partysip",
"scope": "eq",
"trust": 0.3,
"vendor": "partysip",
"version": "0.5.2-1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "sip express router",
"scope": "eq",
"trust": 0.3,
"vendor": "iptel",
"version": "0.8.8"
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:cordova:3.5.0:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3501"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Kaplan and Roee Hay of IBM Security Systems.",
"sources": [
{
"db": "BID",
"id": "69041"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
],
"trust": 0.9
},
"cve": "CVE-2014-3501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-3501",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3501",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#528719",
"trust": 0.8,
"value": "17.72"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-071",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Over Internet (VoIP), instant messaging, telephony, and various other applications and devices. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. \nApache Cordova for Android versions 3.5.0 and prior are vulnerable. These issues may be exploited to cause a denial of services in devices which implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. \nThese issues are related to handling of SIP INVITE messages. \nExploitation and the specific nature of each vulnerability may depend on the particular implementation. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2003-06 Multiple vulnerabilities in implementations of the\nSession Initiation Protocol (SIP)\n\n Original release date: February 21, 2003\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n Other systems making use of SIP may also be vulnerable but were not\n specifically tested. Not all SIP implementations are affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from VU#528719. These\n vulnerabilities may allow an attacker to gain unauthorized privileged\n access, cause denial-of-service attacks, or cause unstable system\n behavior. If your site uses SIP-enabled products in any capacity, the\n CERT/CC encourages you to read this advisory and follow the advice\n provided in the Solution section below. \n\nI. \n SIP is a text-based protocol for initiating communication and data\n sessions between users. \n\n The Oulu University Secure Programming Group (OUSPG) previously\n conducted research into vulnerabilities in LDAP, culminating in CERT\n Advisory CA-2001-18, and SNMP, resulting in CERT Advisory CA-2002-03. \n\n OUSPG\u0027s most recent research focused on a subset of SIP related to the\n INVITE message, which SIP agents and proxies are required to accept in\n order to set up sessions. Note that \"throttling\" is an expected\n behavior. \n\n Specifications for the Session Initiation Protocol are available in\n RFC3261:\n\n http://www.ietf.org/rfc/rfc3261.txt\n\n OUSPG has established the following site with detailed documentation\n regarding SIP and the implementation test results from the test suite:\n\n http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/\n\n The IETF Charter page for SIP is available at\n\n http://www.ietf.org/html.charters/sip-charter.html\n\nII. Impact\n\n Exploitation of these vulnerabilities may result in denial-of-service\n conditions, service interruptions, and in some cases may allow an\n attacker to gain unauthorized access to the affected device. Specific\n impacts will vary from product to product. \n\nIII. Solution\n\n Many of the mitigation steps recommended below may have significant\n impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\n Apply a patch from your vendor\n\n Appendix A contains information provided by vendors for this\n advisory. Please consult this appendix and VU#528719 to determine\n if your product is vulnerable. If a statement is unavailable, you\n may need to contact your vendor directly. \n\n Disable the SIP-enabled devices and services\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required. Some of the affected\n products may rely on SIP to be functional. You should carefully\n consider the impact of blocking services that you may be using. \n\n Ingress filtering\n\n As a temporary measure, it may be possible to limit the scope of\n these vulnerabilities by blocking access to SIP devices and\n services at the network perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a\n network under your administrative control. Servers are typically\n the only machines that need to accept inbound traffic from the\n public Internet. Note that most SIP User Agents (including IP\n phones or \"clien\"t software) consist of a User Agent Client and a\n User Agent Server. In the network usage policy of many sites, there\n are few reasons for external hosts to initiate inbound traffic to\n machines that provide no public services. Thus, ingress filtering\n should be performed at the border to prohibit externally initiated\n inbound traffic to non-authorized services. \n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\n Egress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need\n for machines providing public services to initiate outbound traffic\n to the Internet. In the case of the SIP vulnerabilities, employing\n egress filtering on the ports listed above at your network border\n may prevent your network from being used as a source for attacks on\n other sites. \n\n Block SIP requests directed to broadcast addresses at your router. \n\n Since SIP requests can be transmitted via UDP, broadcast attacks\n are possible. One solution to prevent your site from being used as\n an intermediary in an attack is to block SIP requests directed to\n broadcast addresses at your router. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\n America Online Inc\n\n Not vulnerable. \n\n Apple Computer Inc. \n\n There are currently no applications shipped by Apple with Mac OS X\n or Mac OS X Server which make use of the Session Initiation\n Protocol. \n\n Borderware\n\n No BorderWare products make use of SIP and thus no BorderWare\n products are affected by this vulnerability. \n We would however like to extend our thanks to the OUSPG for their\n work as well as for the responsible manner in which they handle\n their discoveries. Their detailed reports and test suites are\n certainly well-received. \n We would also like to reiterate the fact that SIP has yet to\n mature, protocol-wise as well as implementation-wise. We do not\n recommend that our customers set up SIP relays in parallel to our\n firewall products to pass SIP-based applications in or out of\n networks where security is a concern of note. \n\n F5 Networks\n\n F5 Networks does not have a SIP server product, and is therefore\n not affected by this vulnerability. \n\n Fujitsu\n\n With regards to VU#528719, Fujitsu\u0027s UXP/V o.s. is not vulnerable\n because the relevant function is not supported under UXP/V. \n\n IBM\n\n SIP is not implemented as part of the AIX operating system. \n\n IP Filter\n\n IPFilter does not do any SIP specific protocol handling and is\n therefore not affected by the issues mentioned in the paper cited. \n\n IPTel\n\n All versions of SIP Express Router up to 0.8.9 are sadly vulnerable\n to the OUSPG test suite. We strongly advice to upgrade to version\n 0.8.10. Please also apply the patch to version 0.8.10 from\n http://www.iptel.org/ser/security/\n before installation and keep on watching this site in the future. \n We apologize to our users for the trouble. \n\n Hewlett-Packard Company\n\n Source:\n Hewlett-Packard Company\n Software Security Response Team\n cross reference id: SSRT2402\n\n HP-UX - not vulnerable\n HP-MPE/ix - not vulnerable\n HP Tru64 UNIX - not vulnerable\n HP OpenVMS - not vulnerable\n HP NonStop Servers - not vulnerable\n\n To report potential security vulnerabilities in HP software, send\n an E-mail message to: mailto:security-alert@hp.com\n\n Lucent\n\n No Lucent products are known to be affected by this vulnerability,\n however we are still researching the issue and will update this\n statement as needed. \n\n Microsoft Corporation\n\n Microsoft has investigated these issues. The Microsoft SIP client\n implementation is not affected. \n\n NEC Corporation\n\n ===================================================================\n NEC vendor statement for VU#528719\n ===================================================================\n\n sent on February 13, 2002\n Server Products\n * EWS/UP 48 Series operating system\n * - is NOT vulnerable, because it does not support SIP. \n\n Router Products\n * IX 1000 / 2000 / 5000 Series\n * - is NOT vulnerable, because it does not support SIP. \n\n Other Network products\n * We continue to check our products which support SIP protocol. \n\n ===================================================================\n\n NETBSD\n\n NetBSD does not ship any implementation of SIP. \n\n NETfilter.org\n\n As the linux 2.4/2.5 netfilter implementation currently doesn\u0027t\n support connection tracking or NAT for the SIP protocol suite, we\n are not vulnerable to this bug. \n\n NetScreen\n\n NetScreen is not vulnerable to this issue. \n\n Network Appliance\n\n NetApp products are not affected by this vulnerability. \n\n Nokia\n\n Nokia IP Security Platforms based on IPSO, Nokis Small Office\n Solution platforms, Nokia VPN products and Nokia Message Protector\n platform do not initiate or terminate SIP based sessions. The\n mentioned Nokia products are not susceptible to this vulnerability\n\n Nortel Networks\n\n Nortel Networks is cooperating to the fullest extent with the CERT\n Coordination Center. All Nortel Networks products that use Session\n Initiation Protocol SIP) have been tested and all generally\n available products, with the following exceptions, have passed the\n test suite:\n\n Succession Communication Server 2000 and Succession Communication\n Server 2000 - Compact are impacted by the test suite only in\n configurations where SIP-T has been provisioned within the\n Communication Server; a software patch is expected to be available\n by the end of February. \n\n For further information about Nortel Networks products please\n contact Nortel Networks Global Network Support. \n\n North America: 1-800-4-NORTEL, or (1-800-466-7835)\n Europe, Middle East \u0026 Africa: 00800 8008 9009, or +44 (0) 870 907\n 9009\n\n Contacts for other regions available at the Global Contact\n \u003chttp://www.nortelnetworks.com/help/contact/global/\u003e web page. \n\n Novell\n\n Novell has no products implementing SIP. \n\n Secure Computing Corporation\n\n Neither Sidewinder nor Gauntlet implements SIP, so we do not need\n to be on the vendor list for this vulnerability. \n\n SecureWorx\n\n We hereby attest that SecureWorx Basilisk Gateway Security product\n suite (Firmware version 3.4.2 or later) is NOT VULNERABLE to the\n Session Initiation Protocol (SIP) Vulnerability VU#528719 as\n described in the OUSPG announcement (OUSPG#0106) received on Fri, 8\n Nov 2002 10:17:11 -0500. \n\n Stonesoft\n\n Stonesoft\u0027s StoneGate high availability firewall and VPN product\n does not contain any code that handles SIP protocol. No versions of\n StoneGate are vulnerable. \n\n Symantec\n\n Symantec Corporation products are not vulnerable to this issue. \n\n Xerox\n\n Xerox is aware of this vulnerability and is currently assessing all\n products. This statement will be updated as new information becomes\n available. \n\nAppendix B. - References\n\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/528719\n 3. http://www.cert.org/tech_tips/denial_of_service.html\n 4. http://www.ietf.org/html.charters/sip-charter.html\n 5. RFC3261 - SIP: Session Initiation Protocol\n 6. RFC2327 - SDP: Session Description Protocol\n 7. RFC2279 - UTF-8, a transformation format of ISO 10646\n 8. Session Initiation Protocol Basic Call Flow Examples \n 9. We would also like to acknowledge the\n \"RedSkins\" project of \"MediaTeam Oulu\" for their support of this\n research. \n _________________________________________________________________\n\n Feedback on this document can be directed to the authors, \n Jason A. Rafail and Ian A. Finlay. \n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2003-06.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2003 Carnegie Mellon University. \n\n Revision History\n Feb 21, 2003: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPlZDZmjtSoHZUTs5AQGBKwQAr+4iXdsjC3LcN3QB77+6uslWZlP4AZlG\nIXS4u50QPNhuFw/vnuOG2FM4bCSUE7h+nG3eyakS1dWO3jGyybMFWPyvykYeFUKQ\n17QbmykeWBUVdGmxOeuVmSdmz7MSp6U+FZZmzuUWM85DlSUKoYg8dF7CqVuC137O\nEisa8/wivlM=\n=p961\n-----END PGP SIGNATURE-----\n. Android Platform Release: 04 Aug 2014\n\nSecurity issues were discovered in the Android platform of Cordova. Other Cordova platforms such as iOS are unaffected, and do not have an update. \n\nThe security issues are CVE-2014-3500, CVE-2014-3501, and CVE-2014-3502. \n\nFor your convenience, the text of these CVEs is included here. \n\nA blog post is available at http://cordova.apache.org/#news\n\n\nCVE-2014-3500: Cordova cross-application scripting via Android intent URLs\n\n\nSeverity: High\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nCordova Android versions up to 3.5.0\n\nDescription:\nAndroid applications built with the Cordova framework can be launched through\na special intent URL. A specially-crafted URL could cause the Cordova-based\napplication to start up with a different start page than the developer\nintended, including other HTML content stored on the Android device. This has\nbeen the case in all released versions of Cordova up to 3.5.0, and has been\nfixed in the latest release (3.5.1). We recommend affected projects update\ntheir applications to the latest release. \n\nUpgrade path:\nDevelopers who are concerned about this should rebuild their applications with\nCordova Android 3.5.1. \n\nCredit:\nThis issue was discovered by David Kaplan and Roee Hay of IBM Security Systems. \n\n\nCVE-2014-3501: Cordova whitelist bypass for non-HTTP URLs\n\n\nSeverity: Medium\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nAll released Cordova Android versions\n\nDescription:\nAndroid applications built with the Cordova framework use a WebView component\nto display content. Cordova applications can specify a whitelist of URLs which\nthe application will be allowed to display, or to communicate with via\nXMLHttpRequest. This whitelist, however, is not used by the WebView component\nwhen it is directed via JavaScript to communicate over non-http channels. \n\nIt is possible to mitigate this attack vector by adding a CSP meta tag to all\nHTML pages in the application, to allow connections only to trusted sources. \nApp developers should also upgrade to Cordova Android 3.5.1, to reduce the risk\nof XAS attacks against their applications, which could then use this mechanism\nto reach unintended servers. See CVE-2014-3500 for more information on a\npossible XAS vulnerability. \n\nUpgrade path:\nDevelopers who are concerned about this should rebuild their applications with\nCordova Android 3.5.1, and consider adding CSP meta tags to their application\nHTML. \n\nCredit:\nThis issue was discovered by David Kaplan and Roee Hay of IBM Security Systems. \n\n\nCVE-2014-3502: Cordova apps can potentially leak data to other apps via Android\nintent URLs\n\n\nSeverity: Medium\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nCordova Android versions up to 3.5.0\n\nDescription:\nAndroid applications built with the Cordova framework can launch other\napplications through the use of anchor tags, or by redirecting the webview to\nan Android intent URL. An attacker who can manipulate the HTML content of a\nCordova application can create links which open other applications and send\narbitrary data to those applications. An attacker who can run arbitrary\nJavaScript code within the context of the Cordova application can also set the\ndocument location to such a URL. By using this in concert with a second,\nvulnerable application, an attacker might be able to use this method to send\ndata from the Cordova application to the network. \n\nThe latest release of Cordova Android takes steps to block explicit Android\nintent urls, so that they can no longer be used to start arbitrary applications\non the device. \n\nUpgrade path:\nDevelopers who are concerned about this should rebuild their applications with\nCordova Android 3.5.1. \n\nCredit:\nThis issue was discovered by David Kaplan and Roee Hay of IBM Security Systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "BID",
"id": "69041"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "PACKETSTORM",
"id": "127754"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3501",
"trust": 2.8
},
{
"db": "BID",
"id": "69041",
"trust": 1.3
},
{
"db": "CERT/CC",
"id": "VU#528719",
"trust": 1.2
},
{
"db": "BID",
"id": "6904",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "30838",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127754",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "69041"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "PACKETSTORM",
"id": "127754"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"id": "VAR-201411-0060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.37675563
},
"last_update_date": "2023-12-18T12:13:48.964000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apache Cordova Android 3.5.1",
"trust": 0.8,
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://cordova.apache.org/announcements/2014/08/04/android-351.html"
},
{
"trust": 1.2,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/69041"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/html.charters/sip-charter.html"
},
{
"trust": 0.9,
"url": "http://www.ietf.org/rfc/rfc3261.txt"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/ "
},
{
"trust": 0.8,
"url": "http://www.mediateam.oulu.fi/projects/redskins/?lang=en"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/internet-drafts/draft-ietf-sipping-torture-tests-07.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc3665.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2327.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2279.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3501"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3501"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/6904"
},
{
"trust": 0.4,
"url": "http://www.cert.org/advisories/ca-2003-06.html"
},
{
"trust": 0.4,
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"trust": 0.3,
"url": "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php"
},
{
"trust": 0.3,
"url": "http://www.fsf.org/software/osip/osip.html"
},
{
"trust": 0.3,
"url": "http://www.partysip.org/"
},
{
"trust": 0.3,
"url": "http://www.iptel.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=16123"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.iptel.org/ser/security/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/\u003e"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3501"
},
{
"trust": 0.1,
"url": "http://cordova.apache.org/#news"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "PACKETSTORM",
"id": "127754"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#528719"
},
{
"db": "BID",
"id": "69041"
},
{
"db": "BID",
"id": "6904"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"db": "PACKETSTORM",
"id": "30838"
},
{
"db": "PACKETSTORM",
"id": "127754"
},
{
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2014-08-04T00:00:00",
"db": "BID",
"id": "69041"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"date": "2003-02-21T17:04:53",
"db": "PACKETSTORM",
"id": "30838"
},
{
"date": "2014-08-05T21:19:09",
"db": "PACKETSTORM",
"id": "127754"
},
{
"date": "2014-11-15T21:59:03.023000",
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"date": "2014-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#528719"
},
{
"date": "2014-12-09T00:57:00",
"db": "BID",
"id": "69041"
},
{
"date": "2003-02-21T00:00:00",
"db": "BID",
"id": "6904"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005471"
},
{
"date": "2014-11-17T14:03:49.630000",
"db": "NVD",
"id": "CVE-2014-3501"
},
{
"date": "2014-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "69041"
},
{
"db": "BID",
"id": "6904"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#528719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-071"
}
],
"trust": 0.6
}
}