CVE-2014-0072: Input Validation
First published: Mon Oct 30 2017(Updated: )
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Cordova File Transfer | <=0.4.1 | |
| Apache Cordova | >=2.4.0<=2.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://d3adend.org/blog/?p=403
- http://seclists.org/fulldisclosure/2014/Mar/29
- http://www.securityfocus.com/archive/1/531335/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91561
- https://github.com/apache/cordova-plugin-file-transfer/commit/a1d6fc07e8a40c1b2b16f4103c403b30e1089668
- https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXKL9JtkehHC0jEoRwdvVKXt-d5uj40EwNY-Gk3ttX=wJw@mail.gmail.com%3E
- https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXKL9JtkehHC0jEoRwdvVKXt-d5uj40EwNY-Gk3ttX=wJw%40mail.gmail.com%3E
- collector/nvd-index
- agent/severity
- agent/references
- agent/type
- agent/tags
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache cordova file transfer
- version/apache cordova file transfer/0.4.1
- canonical/apache cordova
- version/apache cordova/2.4.0
- version/apache cordova/2.9.0