JVNDB-2015-000142

Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection

cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers.
Android applications that use cordova-plugin-file-transfer contain a HTTP header injection vulnerability due to a flaw in processing file names.

Muneaki Nishimura of Sony Digital Network Applications, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Apache Software Foundation

• cordova-plugin-file-transfer 1.2.1 and earlier versions

File name inclusion in additional HTTP headers may result in a forged webpage to be displayed on the user's web browser, arbitrary script execution, or setting arbitrary values for cookies.

[Update the plugin and rebuild the application]
Update cordova-plugin-file-transfer to 1.3.0 or above versions and rebuild the application.
According to the developer, the updated version is compliant with RFC2616, therefore any non-ASCII characters and control characters will be deleted when adding HTTP headers.

For more information, please refer to the information provided by the developer.

Apache Software Foundation

• Apache Cordova : The Apache Cordova Project Management Committee (PMC) website

1. Improper Input Validation(CWE-20) [IPA Evaluation]

1. CVE-2015-5204

1. JVN : JVN#21612597
2. National Vulnerability Database (NVD) : CVE-2015-5204

• [2015/09/29]
    Web page was published
  [2015/12/21]
    References : Content was added