CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
References
Configurations
Configuration 1 (hide)
AND |
|
History
09 Aug 2022, 13:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apple iphone Os
|
|
CPE | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
Information
Published : 2007-06-25 19:30
Updated : 2023-12-10 10:40
NVD link : CVE-2007-2401
Mitre link : CVE-2007-2401
CVE.ORG link : CVE-2007-2401
JSON object : View
Products Affected
apple
- mac_os_x
- mac_os_x_server
- iphone_os
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')