CVE-2014-0072

Name of the Vulnerable Software and Affected Versions: Apache Cordova File-Transfer plugin versions prior to 0.4.2 for iOS Cordova versions 2.4.0 through 2.9.0 for iOS

Description: The issue allows remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option in the Apache Cordova File-Transfer plugin. This could potentially lead to man-in-the-middle attacks.

Recommendations: For Apache Cordova File-Transfer plugin versions prior to 0.4.2 for iOS, update to version 0.4.2 or later. For Cordova versions 2.4.0 through 2.9.0 for iOS, consider updating to a version outside of this range or modifying the trustAllHosts option to false as a temporary workaround.