Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
References
Link | Resource |
---|---|
https://cordova.apache.org/announcements/2015/05/26/android-402.html | Release Notes Vendor Advisory |
http://www.securityfocus.com/bid/74866 | Third Party Advisory VDB Entry |
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/ | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-10-27 12:29
Updated : 2017-11-16 10:45
NVD link : CVE-2015-1835
Mitre link : CVE-2015-1835
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
apache
- cordova