Description
An HTTP header injection vulnerability has been identified in the Apache Cordova File Transfer plugin for Android. A remote attacker could exploit it to inject arbitrary HTML or script in the context of the victim by enticing the victim to download a specially crafted file. This vulnerability is due to a lack of verification of the file's name.

Vulnerable Products
Vulnerable Software:
- Cordova (Apache Software Foundation) - 1.0, 1.2.1
- Worklight (IBM) - 5.0.x, 6.x

Solution
IBM has released interim fixes via APAR PI47658 for Worklight in order to fix this vulnerability.

CVE
CVE-2015-5204

References
- oss-sec: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android
  http://seclists.org/oss-sec/2015/q3/618
- IBM: Vulnerability in Apache Cordova affects IBM Worklight, IBM Mobile Foundation and IBM MobileFirst Platform Foundation (CVE-2015-5204)
  http://www-01.ibm.com/support/docview.wss?uid=swg21971225

Vulnerability Manager Detection
No

IPS Protection