CVE-2014-3501

MEDIUM

Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

References

http://cordova.apache.org/announcements/2014/08/04/android-351.html

http://www.securityfocus.com/bid/69041

Details

Source: MITRE

Published: 2014-11-15

Updated: 2014-11-17

Type: CWE-254

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM