9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.041 Low
EPSS
Percentile
92.2%
The Android API before 17 does not properly restrict the
WebView.addJavascriptInterface method, which allows remote attackers to
execute arbitrary methods of Java objects by using the Java Reflection API
within crafted JavaScript code that is loaded into the WebView component in
an application targeted to API level 16 or earlier, a related issue to
CVE-2013-4710.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | cordova-ubuntu-3.4 | < any | UNKNOWN |
packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt
www.openwall.com/lists/oss-security/2014/02/03/7
www.openwall.com/lists/oss-security/2014/02/07
launchpad.net/bugs/cve/CVE-2012-6636
nvd.nist.gov/vuln/detail/CVE-2012-6636
security-tracker.debian.org/tracker/CVE-2012-6636
www.cve.org/CVERecord?id=CVE-2012-6636