CVE-2012-6637

Published: Mar 3, 2014Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring.

Affected (29)

Products: Apache: Cordova · Adobe: Phonegap

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Apache Cordova	Up to 3.3.0
Apache Cordova	Version 3.0.0
Apache Cordova	Version 3.0.0 rc1
Apache Cordova	Version 3.1.0
Apache Cordova	Version 3.1.0 rc1
Apache Cordova	Version 3.2.0
Apache Cordova	Version 3.2.0 rc1
Apache Cordova	Version 3.3.0 rc1

Configuration B

21 vulnerable

Vulnerable Software	Affected Versions
Adobe Phonegap	Up to 2.9.0
Adobe Phonegap	Version 2.0.0
Adobe Phonegap	Version 2.0.0 rc1
Adobe Phonegap	Version 2.1.0
Adobe Phonegap	Version 2.2.0
Adobe Phonegap	Version 2.2.0 rc1
Adobe Phonegap	Version 2.2.0 rc2
Adobe Phonegap	Version 2.3.0
Adobe Phonegap	Version 2.3.0 rc1
Adobe Phonegap	Version 2.3.0 rc2
Adobe Phonegap	Version 2.4.0
Adobe Phonegap	Version 2.4.0 rc1
Adobe Phonegap	Version 2.5.0
Adobe Phonegap	Version 2.5.0 rc1
Adobe Phonegap	Version 2.6.0
Adobe Phonegap	Version 2.6.0 rc1
Adobe Phonegap	Version 2.7.0
Adobe Phonegap	Version 2.7.0 rc1
Adobe Phonegap	Version 2.8.0
Adobe Phonegap	Version 2.8.1
Adobe Phonegap	Version 2.9.0 rc1