CVE-2014-0072

high

Apache

CVSS v3 Base Score

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score

1.5%

Exploitation probability in 30 days

Top 19% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

High

Availability

None

Published: October 30, 2017 (3118 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.

CWE

CWE-20

Affected Products

apache cordova file transferapache cordova

References

🔗 d3adend.org 🔗 seclists.org 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com 🔗 github.com

CVE-2014-0072

Vulnerability Report

Description

CWE

Affected Products

References