3 matches found
Adobe PhoneGap设备资源限制绕过漏洞
CVE ID:CVE-2014-1883 Apache PhoneGap是一款容易使用HTML5和JavaScript构建跨平台的移动应用的流行开源平台。 安卓平台上的Adobe PhoneGap使用shouldOverrideUrlLoading回调来代替正确的shouldInterceptRequest回调,允许攻击者利用漏洞通过特制的XMLHttpRequest方法来绕过设备资源限制,执行恶意操作。 0 Adobe PhoneGap 2.6.0 目前没有详细解决方案提供: https://cordova.apache.org/...
CVE-2014-1883
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed 1 in an IFRAME element or 2 with the XMLHttpRequest...
CVE-2014-1883
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed 1 in an IFRAME element or 2 with the XMLHttpRequest...