CVE-2015-1835
First published: Fri Oct 27 2017(Updated: )
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Cordova Android | <=3.7.1 | |
| Apache Cordova Android | =4.0.0 | |
| Apache Cordova Android | =4.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-1835?
The severity of CVE-2015-1835 is rated as medium with a score of 5.3.
How do I fix CVE-2015-1835?
To fix CVE-2015-1835, update Apache Cordova Android to version 3.7.2 or 4.0.2 or later.
Which versions are affected by CVE-2015-1835?
CVE-2015-1835 affects Apache Cordova Android versions prior to 3.7.2 and 4.x versions before 4.0.2.
What type of vulnerability is CVE-2015-1835?
CVE-2015-1835 is categorized as a vulnerability that allows modification of undefined secondary configuration variables.
Can CVE-2015-1835 be exploited remotely?
Yes, CVE-2015-1835 can be exploited by remote attackers through crafted intent URLs.
- collector/nvd-index
- vendor/apache
- product/cordova
- canonical/apache cordova android