Lucene search

K
cveRedhatCVE-2015-8320
HistoryNov 23, 2015 - 11:59 a.m.

CVE-2015-8320

2015-11-2311:59:01
redhat
web.nvd.nist.gov
39
cve-2015-8320
apache cordova
android
bridge hijacking
security vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

61.5%

Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value.

Affected configurations

Nvd
Node
apachecordovaRange3.6.4android
VendorProductVersionCPE
apachecordova*cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

61.5%