Lucene search
RedhatCVELIST:CVE-2014-0072HistoryOct 30, 2017 - 7:00 p.m.
CVE-2014-0072
2017-10-3019:00:00
redhat
www.cve.org
0.002 Low
EPSS
Percentile
60.5%
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
References
d3adend.org/blog/?p=403
seclists.org/fulldisclosure/2014/Mar/29
www.securityfocus.com/archive/1/531335/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/91561
github.com/apache/cordova-plugin-file-transfer/commit/a1d6fc07e8a40c1b2b16f4103c403b30e1089668
mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXKL9JtkehHC0jEoRwdvVKXt-d5uj40EwNY-Gk3ttX=wJw%40mail.gmail.com%3E
Related
nvd
nvd
CVE-2014-0072
2017-10-30 19:29:00
cve
cve
CVE-2014-0072
2017-10-30 19:29:00
veracode
veracode
Insecure Defaults
2017-10-31 05:24:18
seebug
seebug
Apache Cordova文件传输不安全默认值漏洞
2014-03-07 00:00:00
securityvulns
securityvulns
[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults
2014-05-05 00:00:00
prion
prion
Code injection
2017-10-30 19:29:00