- 漏洞信息

102782
Apache Cordova / PhoneGap on Android Substring Matching Whitelisting Bypass Weakness
Context Dependent, Mobile Phone / Hand-held Device Input Manipulation
Loss of Integrity Third-Party Solution
Exploit Unknown No Vendor Response

- 漏洞描述

Apache Cordova and PhoneGap contain a flaw that is triggered during substring matching. This may allow a context-dependent attacker to bypass whitelist protection mechanisms.

- 时间线

2014-01-24 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or vendor upgrades to correct this issue. However, the researchers who disclosed this issue have released 'NoFrak', which they claim fixes this vulnerability. As with all third-party solutions, ensure they come from a reliable source and are permitted under your company's security policy.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站