CVE-2014-0072
moderate-risk
Published 2017-10-30
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
Do I need to act?
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10
High
NETWORK / LOW complexity
Affected Products (2)
Cordova File Transfer
Affected Vendors
References (12)
Issue Tracking
http://d3adend.org/blog/?p=403
Mailing List
http://seclists.org/fulldisclosure/2014/Mar/29
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/91561
37 / 100
moderate-risk
Severity
26/34 · High
Exploitability
4/34 · Minimal
Exposure
7/34 · Low