CVE-2014-3501

Currently unrated

Key Information:

Vendor: Apache
Status: Cordova
Vendor: CVE Published:; 15 November 2014

Summary

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

References

http://www.securityfocus.com/bid/69041

vdb-entryx_refsource_BID

http://cordova.apache.org/announcements/2014/08/04/androi...

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 15, 2014
Vulnerability Reserved
May 14, 2014