CVE-2014-0072CVE-2014-0072

Affected configuration(s):

cpe:/a:apache:cordova_file_transfer:0.4.1::~~~iphone_os~~

Date published: 2017-10-30T15:29:00.327-04:00

Date last modified: 2017-11-21T13:19:55.883-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://d3adend.org/blog/?p=403

Summary: ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.