Lucene search

CVE-2017-3160

🗓️ 01 Feb 2018 21:00:29Reported by apacheType

cve🔗 web.nvd.nist.gov👁 54 Views🌐 WEB

Android platform in Cordova vulnerable to MiTM attack during Gradle fetc

Reporter	Title	Published	Views	Family All 8
OSV	CVE-2017-3160	1 Feb 201821:29	–	osv
Cvelist	CVE-2017-3160	1 Feb 201821:00	–	cvelist
Prion	Denial of service	1 Feb 201821:29	–	prion
NVD	CVE-2017-3160	1 Feb 201821:29	–	nvd
Veracode	Man-in-the-Middle (MitM)	2 Feb 201802:33	–	veracode
seebug.org	Cordova-Android MiTM Remote Code Execution(CVE-2017-3160)	12 May 201700:00	–	seebug
IBM Security Bulletins	Security Bulletin: Open Source Apache Cordova Android Vulnerabilities affect IBM Worklight and IBM MobileFirst Platform Foundation	17 Jun 201822:33	–	ibm
Oracle	Oracle Critical Patch Update Advisory - April 2020	14 Apr 202000:00	–	oracle

Nvd

Vulners

Node

apache cordovaRange<6.1.2android

[
  {
    "product": "Apache Cordova Android",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Cordova 6.1.0 and below"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpuapr2020.html
cordova	www.cordova.apache.org/announcements/2017/01/27/android-612.html
securityfocus	www.securityfocus.com/bid/95838

Parameter	Position	Path	Description	CWE
CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL	request body	/services.gradle.org/distributions/gradle-2.14.1-all.zip	The default URI for Gradle distribution is vulnerable to MiTM due to HTTP usage.	CWE-295, CWE-20

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Feb 2018 21:29Current

7.2High risk

Vulners AI Score7.2

CVSS25.8

CVSS37.4

EPSS0.00817