CVE-2014-3501

medium

Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

References

http://www.securityfocus.com/bid/69041

http://cordova.apache.org/announcements/2014/08/04/android-351.html

Details

Source: Mitre, NVD

Published: 2014-11-15

Updated: 2014-11-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium