CVE-2014-3501

EUVD-2014-3503
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Common Weakness Enumeration
References
http://cordova.apache.org/announcements/2014/08/04/android-351.html
http://www.securityfocus.com/bid/69041
http://cordova.apache.org/announcements/2014/08/04/android-351.html
http://www.securityfocus.com/bid/69041