CVE-2014-3501 Information

Description

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

Reference

http://cordova.apache.org/announcements/2014/08/04/android-351.html http://www.securityfocus.com/bid/69041