CVE-2014-0073 : The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) befor

The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.

Published 2017-10-30 19:29:00

Updated 2018-10-09 19:35:25

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-0073

Probability of exploitation activity in the next 30 days: 0.64%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-0073

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2014-0073

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-0073

https://exchange.xforce.ibmcloud.com/vulnerabilities/91560

Apache Cordova In-App-Browser privilege escalation CVE-2014-0073 Vulnerability Report
Issue Tracking;Third Party Advisory;VDB Entry
http://d3adend.org/blog/?p=403

dead && end
Issue Tracking;Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2014/Mar/30

Full Disclosure: [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation
Mailing List;Third Party Advisory
https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55

Validate that callbackId is correctly formed · apache/cordova-plugin-inappbrowser@26702cb · GitHub
Issue Tracking;Patch;Vendor Advisory
http://www.securityfocus.com/bid/65959

Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
http://www.securityfocus.com/archive/1/531334/100/0/threaded

SecurityFocus
https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw@mail.gmail.com%3E

[CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation
Issue Tracking;Vendor Advisory

Products affected by CVE-2014-0073

Apache » Cordova » For Iphone Os
Versions from including (>=) 2.6.0 and up to, including, (<=) 2.9.0
cpe:2.3:a:apache:cordova:*:*:*:*:*:iphone_os:*:*
Matching versions
Apache » Cordova In-app-browser » For Iphone Os
Versions up to, including, (<=) 0.3.1
cpe:2.3:a:apache:cordova_in-app-browser:*:*:*:*:*:iphone_os:*:*
Matching versions

Vulnerability Details : CVE-2014-0073

Exploit prediction scoring system (EPSS) score for CVE-2014-0073

CVSS scores for CVE-2014-0073

CWE ids for CVE-2014-0073

References for CVE-2014-0073

Products affected by CVE-2014-0073