CVE-2012-6636
Summary
| CVE | CVE-2012-6636 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-03-03 04:50:00 UTC |
| Updated | 2023-11-07 02:13:00 UTC |
| Description | The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Android | Api | 1.0 | All | All | All |
| Application | Android | Api | 10.0 | All | All | All |
| Application | Android | Api | 11.0 | All | All | All |
| Application | Android | Api | 12.0 | All | All | All |
| Application | Android | Api | 13.0 | All | All | All |
| Application | Android | Api | 14.0 | All | All | All |
| Application | Android | Api | 15.0 | All | All | All |
| Application | Android | Api | 2.0 | All | All | All |
| Application | Android | Api | 3.0 | All | All | All |
| Application | Android | Api | 4.0 | All | All | All |
| Application | Android | Api | 5.0 | All | All | All |
| Application | Android | Api | 6.0 | All | All | All |
| Application | Android | Api | 7.0 | All | All | All |
| Application | Android | Api | 8.0 | All | All | All |
| Application | Android | Api | 9.0 | All | All | All |
| Application | Android | Api | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| WebView \| Android Developers | CONFIRM | developer.android.com | |
| Build.VERSION_CODES \| Android Developers | CONFIRM | developer.android.com | |
| oss-security - Re: CVE request: multiple issues in Apache Cordova/PhoneGap | MLIST | openwall.com | |
| WebView \| Android Developers | | developer.android.com | |
| Abusing WebView JavaScript Bridges \| dead && end | MISC | 50.56.33.56 | |
| SHAREit for Android Vulnerabilities | CONFIRM | support.lenovo.com | |
| NDSS 2014 - Programme \| Internet Society | MISC | www.internetsociety.org | |
| www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf | MISC | www.cs.utexas.edu | Exploit |
| JVN#62161191: JavaFX WebEngine does not properly restrict Java method execution | JVN | jvn.jp | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.