Lucene search

[email protected]CVE-2014-6041

HistorySep 02, 2014 - 10:55 a.m.

CVE-2014-6041

2014-09-0210:55:00

CWE-264

[email protected]

web.nvd.nist.gov

android

webview

same origin policy

remote attack

cve-2014-6041

security vulnerability

nvd

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.924 High

EPSS

Percentile

99.0%

JSON

The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.

CPENameOperatorVersion
google:android_browsergoogle android browsereq4.2.1

CPE	Name	Operator	Version
google:android_browser	google android browser	eq	4.2.1

References

www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html

www.securityfocus.com/bid/69548

android.googlesource.com/platform/external/webkit/+/1368e05e8875f00e8d2529fe6050d08b55ea4d87

android.googlesource.com/platform/external/webkit/+/7e4405a7a12750ee27325f065b9825c25b40598c

community.rapid7.com/community/metasploit/blog/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041

exchange.xforce.ibmcloud.com/vulnerabilities/95693

news.ycombinator.com/item?id=8321185

news.ycombinator.com/item?id=8325807

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.924 High

EPSS

Percentile

99.0%

JSON

Related for CVE-2014-6041

threatpost3 prion1 thn2 packetstorm1 securityvulns1 cvelist1 checkpoint_advisories1 metasploit1 nessus1