Will re-send to bugtraq On Tue, Sep 22, 2015 at 11:22 AM, Joe Bowser <[email protected]> wrote: > CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File > Transfer Plugin for Android > > Severity: > Medium > > Vendor: > The Apache Software Foundation > > Versions Affected: > Cordova Android File Transfer Plugin (1.2.1 and below) > > Description: > Android applications built with the Cordova framework that use the File > Transfer Plugin can have the HTTP headers set by that plugin be manipulated > by the filename being uploaded. This allows for for cookies to be forged > by the Cordova application, or for the file payload to be replaced in some > situations. Remotely hosted applications and applications developed with > Cordova that allow the user to manually enter the filename are > especially vulnerable to this issue. > > Upgrade path: > Developers who are concerned about this issue should install version 1.3.0 > or higher of the Cordova File Transfer Plugin and rebuild their > applications. This plugin now conforms with RFC-2616 and no longer allows > non-ASCII characters and control characters in header names or values. > Any non-ASCII characters will be removed from the header. Developers > should be aware, > and encode these characters before adding the values to the header. > > Credit: > This issue was discovered by Muneaki Nishimura (Sony Digital Network > Applications, Inc.)
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
