CVE-2014-3501

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Common Weakness Enumeration
References
http://cordova.apache.org/announcements/2014/08/04/android-351.html
http://www.securityfocus.com/bid/69041
http://cordova.apache.org/announcements/2014/08/04/android-351.html
http://www.securityfocus.com/bid/69041