CVE-2015-1835

Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:cordova:4.0.1:*:*:*:*:android:*:*
cpe:2.3:a:apache:cordova:4.0.0:*:*:*:*:android:*:*
cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*

Information

Published : 2017-10-27 12:29

Updated : 2017-11-16 10:45


NVD link : CVE-2015-1835

Mitre link : CVE-2015-1835


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

apache

  • cordova