CVE-2015-1835
Severity Score
5.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL.
Apache Cordova Android en versiones anteriores a la 3.7.2 y versiones 4.x anteriores a la 4.0.2, cuando una aplicación no establece valores explícitos en config.xml, permite que atacantes remotos modifiquen variables de configuración secundarias no definidas (preferencias) mediante una URL intent: manipulada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-02-17 CVE Reserved
- 2015-05-28 CVE Published
- 2023-03-20 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/74866 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cordova.apache.org/announcements/2015/05/26/android-402.html | 2017-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Cordova Search vendor "Apache" for product "Cordova" | <= 3.7.1 Search vendor "Apache" for product "Cordova" and version " <= 3.7.1" | android |
Affected
| ||||||
| Apache Search vendor "Apache" | Cordova Search vendor "Apache" for product "Cordova" | 4.0.0 Search vendor "Apache" for product "Cordova" and version "4.0.0" | android |
Affected
| ||||||
| Apache Search vendor "Apache" | Cordova Search vendor "Apache" for product "Cordova" | 4.0.1 Search vendor "Apache" for product "Cordova" and version "4.0.1" | android |
Affected
| ||||||