QwikSec

Security Database

CVE

CWE

Training

CVE-2014-1883

Published: Mar 3, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf

x_refsource_MISC

http://www.internetsociety.org/ndss2014/programme#session3

x_refsource_MISC

20140124 Security Vulnerabilities in Apache Cordova / PhoneGap

mailing-list

x_refsource_BUGTRAQ

[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap

mailing-list

x_refsource_MLIST

https://github.com/phonegap/phonegap/blob/2.6.0/changelog

x_refsource_MISC

http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2014-1883 - Security Vulnerability | QwikSec