3 matches found
Security Bulletin: IBM Mobile Foundation, IBM Worklight, and IBM Worklight Foundation are affected by the following Apache Cordova vulnerabilities: CVE-2014-3500, CVE-2014-3501 and CVE-2014-3502
Summary Apache Cordova, which is used by these products, is vulnerable to Cross-Application Scripting XAS and Data Exfiltration vulnerabilities. A remote attacker might exploit these vulnerabilities to expose sensitive data from the mobile application. Vulnerability Details CVEID: CVE-2014-3500...
CVE-2014-3501
Apache Cordova for Android prior to 3.5.1 is vulnerable (CVE-2014-3501) to bypass the HTTP allowlist via WebView by using JavaScript to open non-http channels, enabling a remote attacker to reach arbitrary servers. The issue stems from improper use of an allowlist when WebView handles non-http co...
(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities
Hi, We have recently discovered a severe Cross-Application Scripting XAS vulnerability in Apache Cordova for Android. This vulnerability enables theft of sensitive information from Crodova-based apps both locally by malware and also remotely by using drive-by exploitation techniques. In addition,...