CVE-2014-1883 - Vulnerability Details - OpenCVE

Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Phonegap

Configuration 1 [-]

OR	cpe:2.3:a:adobe:phonegap::::::::
	cpe:2.3:a:adobe:phonegap:2.0.0:::::::*
	cpe:2.3:a:adobe:phonegap:2.0.0:rc1::::::
	cpe:2.3:a:adobe:phonegap:2.1.0:::::::*
	cpe:2.3:a:adobe:phonegap:2.2.0:::::::*
	cpe:2.3:a:adobe:phonegap:2.2.0:rc1::::::
	cpe:2.3:a:adobe:phonegap:2.2.0:rc2::::::
	cpe:2.3:a:adobe:phonegap:2.3.0:::::::*
	cpe:2.3:a:adobe:phonegap:2.3.0:rc1::::::
	cpe:2.3:a:adobe:phonegap:2.3.0:rc2::::::
	cpe:2.3:a:adobe:phonegap:2.4.0:::::::*
	cpe:2.3:a:adobe:phonegap:2.4.0:rc1::::::
	cpe:2.3:a:adobe:phonegap:2.5.0:rc1::::::

No data.

References

Link	Providers
http://openwall.com/lists/oss-security/2014/02/07/9
http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt
http://seclists.org/bugtraq/2014/Jan/96
http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf
http://www.internetsociety.org/ndss2014/programme#session3
https://github.com/phonegap/phonegap/blob/2.6.0/changelog

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-03-03T02:00:00

Updated: 2024-08-06T09:58:15.600Z

Reserved: 2014-02-07T00:00:00

Link: CVE-2014-1883

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-03-03T04:50:46.313

Modified: 2024-11-21T02:05:12.217

Link: CVE-2014-1883

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-03T01:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://www.internetsociety.org/ndss2014/programme#session3"}, {"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/bugtraq/2014/Jan/96"}, {"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/02/07/9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/phonegap/phonegap/blob/2.6.0/changelog"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1883", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf", "refsource": "MISC", "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"}, {"name": "http://www.internetsociety.org/ndss2014/programme#session3", "refsource": "MISC", "url": "http://www.internetsociety.org/ndss2014/programme#session3"}, {"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2014/Jan/96"}, {"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/02/07/9"}, {"name": "https://github.com/phonegap/phonegap/blob/2.6.0/changelog", "refsource": "MISC", "url": "https://github.com/phonegap/phonegap/blob/2.6.0/changelog"}, {"name": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:15.600Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.internetsociety.org/ndss2014/programme#session3"}, {"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://seclists.org/bugtraq/2014/Jan/96"}, {"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/02/07/9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/phonegap/phonegap/blob/2.6.0/changelog"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1883", "datePublished": "2014-03-03T02:00:00", "dateReserved": "2014-02-07T00:00:00", "dateUpdated": "2024-08-06T09:58:15.600Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:phonegap:*:*:*:*:*:*:*:*", "matchCriteriaId": "93E78BA0-EE60-4C8F-B92A-2A69D8DD43A1", "versionEndIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3B05BE6-D8DA-40C8-BA86-67B1FD906975", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C57DD500-22A7-4209-AEF7-DC8930F1BDD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "16EC33AF-5D22-418D-8604-EB549A197209", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C8124E0-6A2F-493E-875E-1D0E613A366B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D6D5BDFF-A635-45D6-A346-754BFACD00A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0A0B3637-4927-47AD-87A0-EE411C12EE06", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6451A3E-BEB0-4EE0-AD88-8CE3E048CB10", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EBEEDD73-74C5-4299-8509-324A829623D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0BC85762-A07D-4C44-8458-08FC2F717462", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C19E85E-6E96-4F24-8A10-393B9DB1770F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CA489695-A354-4921-903F-65AD650BCB61", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:phonegap:2.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "4C20AC3F-8A9D-4450-AB38-2FC4A19605F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application."}, {"lang": "es", "value": "Adobe PhoneGap anterior a 2.6.0 en Android utiliza la devoluci\u00f3n de llamada shouldOverrideUrlLoading en lugar de la debida devoluci\u00f3n de llamada shouldInterceptRequest, lo que permite a atacantes remotos evadir restricciones \"device-resource\" a trav\u00e9s de contenido que es accedido (1) en un elemento IFRAME o (2) con el m\u00e9todo XMLHttpRequest mediante una aplicaci\u00f3n manipulada."}], "id": "CVE-2014-1883", "lastModified": "2024-11-21T02:05:12.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-03T04:50:46.313", "references": [{"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/02/07/9"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://seclists.org/bugtraq/2014/Jan/96"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"}, {"source": "cve@mitre.org", "url": "http://www.internetsociety.org/ndss2014/programme#session3"}, {"source": "cve@mitre.org", "url": "https://github.com/phonegap/phonegap/blob/2.6.0/changelog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/02/07/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://seclists.org/bugtraq/2014/Jan/96"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.internetsociety.org/ndss2014/programme#session3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/phonegap/phonegap/blob/2.6.0/changelog"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}