CVE-2015-5256

Currently unrated

Key Information:

Vendor: Apache
Status: Cordova
Vendor: CVE Published:; 23 November 2015

Summary

Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI.

References

http://www.securityfocus.com/archive/1/536944/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/134497/Apache-Cordov...

x_refsource_MISC

http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000187.html

third-party-advisoryx_refsource_JVNDB

Timeline

Vulnerability published
Nov 23, 2015
Vulnerability Reserved
Jul 1, 2015