CVE-2007-2401 Information
Description
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
Reference
http://docs.info.apple.com/article.html?artnum=305759
http://docs.info.apple.com/article.html?artnum=306173
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
http://osvdb.org/36449
http://secunia.com/advisories/25786
http://secunia.com/advisories/26287
http://www.kb.cert.org/vuls/id/845708
http://www.securityfocus.com/archive/1/472198/100/0/threaded
http://www.securityfocus.com/bid/24598
http://www.securitytracker.com/id?1018281
http://www.vupen.com/english/advisories/2007/2296
http://www.vupen.com/english/advisories/2007/2316
http://www.vupen.com/english/advisories/2007/2731
http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/35017