CVE-2014-3501
Apache Cordova Android - Remote Server Connection via WebSocket WebView Bypass
Title source: llmDescription
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69041
Vendor Advisory x_refsource_confirm
http://cordova.apache.org/announcements/2014/08/04/android-351.html
Scores
EPSS
0.0165
EPSS Percentile
82.3%
Details
CWE
CWE-254
Status
published
Products (1)
apache/cordova
3.5.0
Published
Nov 15, 2014
Tracked Since
Feb 18, 2026