Domain Name Bypass Vulnerability in Apache Cordova and Adobe PhoneGap
CVE-2012-6637

Currently unrated

Key Information:

Vendor

Apache
Status
Cordova
Vendor
CVE Published:
3 March 2014

What is CVE-2012-6637?

Apache Cordova versions up to 3.3.0 and Adobe PhoneGap versions up to 2.9.0 are susceptible to a vulnerability where the regular expressions used for domain-name filtering do not properly anchor at the end. This flaw allows remote attackers to exploit the whitelist protection mechanism by using a specially crafted domain name that contains an accepted name as a prefix. Consequently, unauthorized access may be gained, leading to potential exploitation in mobile applications built on these platforms.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf
x_refsource_MISC
http://www.internetsociety.org/ndss2014/programme#session3
x_refsource_MISC
http://seclists.org/bugtraq/2014/Jan/96
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.