Skip to main content

Cordova CVE-2012-6637

HIGH
Improper Input Validation (CWE-20)
2014-03-03 cve@mitre.org
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Mar 03, 2014 - 04:50 cve.org
HIGH 7.5

DescriptionCVE.org

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring.

AnalysisAI

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-20. Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring. Affected products include: Apache Cordova, Adobe Phonegap.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-0073 CRITICAL
9.8 Oct 30

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) befor

CVE-2014-1884 HIGH POC
7.5 Mar 03

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict

CVE-2014-1881 HIGH POC
7.5 Mar 03

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-r

CVE-2021-21315 HIGH POC
7.8 Feb 16

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions t

CVE-2015-1835 MEDIUM POC
5.3 Oct 27

Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml

CVE-2014-1882 HIGH
7.5 Mar 03

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-r

CVE-2014-0072 HIGH
7.5 Oct 30

ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.

CVE-2016-6799 HIGH
7.5 May 09

Product: Apache Cordova Android 5.2.2 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploi

CVE-2014-3500 MEDIUM
6.4 Nov 15

Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. Rated med

CVE-2015-8320 MEDIUM
5.0 Nov 23

Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for

CVE-2015-5207 MEDIUM
5.3 May 09

Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load

CVE-2015-5208 MEDIUM
4.4 May 09

Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. Rated medium severity (

Share

CVE-2012-6637 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy