PT-2014-4341 · Apache+1 · Apache Cordova+1

Published

2014-03-03

Updated

2014-03-03

CVE-2014-1884

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Apache Cordova versions 3.3.0 and earlier Adobe PhoneGap versions 2.9.0 and earlier

Description The issue allows remote attackers to bypass intended device-resource restrictions. This can be achieved via content that is accessed in an IFRAME element or with the XMLHttpRequest method by a crafted application.

Recommendations For Apache Cordova versions 3.3.0 and earlier, consider restricting navigation events to prevent bypassing of device-resource restrictions. For Adobe PhoneGap versions 2.9.0 and earlier, restrict access to the XMLHttpRequest method to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-1884

Affected Products

Phonegap

Apache Cordova

PT-2014-4341 · Apache+1 · Apache Cordova+1

CVE-2014-1884

Weakness Enumeration

Related Identifiers

Affected Products

References · 6