Remote Code Execution Vulnerability in Apache Cordova for Android
CVE-2014-3501

Currently unrated

Key Information:

Vendor: Apache
Status: Cordova
Vendor: CVE Published:; 15 November 2014

What is CVE-2014-3501?

Apache Cordova for Android prior to version 3.5.1 is susceptible to a vulnerability allowing malicious users to connect to unauthorized servers. This is achieved by exploiting the WebView component to initiate WebSocket connections, therefore bypassing the designated HTTP whitelist. Attackers can leverage this loophole to execute arbitrary commands, potentially leading to unauthorized data access and manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/69041

vdb-entryx_refsource_BID

http://cordova.apache.org/announcements/2014/08/04/androi...

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 15, 2014
Vulnerability Reserved
May 14, 2014

JSON

Apache

What is CVE-2014-3501?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.