Lucene search

[email protected]CVE-2015-5256

HistoryNov 23, 2015 - 11:59 a.m.

CVE-2015-5256

2015-11-2311:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-5256

apache cordova

android

security vulnerability

javascript whitelist

uri crafted attack

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

62.0%

JSON

Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI.

CPENameOperatorVersion
apache:cordovaapache cordovale3.6.4

CPE	Name	Operator	Version
apache:cordova	apache cordova	le	3.6.4

References

jvn.jp/en/jp/JVN18889193/index.html

jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000187.html

packetstormsecurity.com/files/134497/Apache-Cordova-3.7.2-Whitelist-Failure.html

www.securityfocus.com/archive/1/536944/100/0/threaded

www.securityfocus.com/bid/77677

cordova.apache.org/announcements/2015/11/20/security.html

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for CVE-2015-5256

ibm2 cvelist1 jvn1 prion1