|
|
CVE Reference: CVE-2007-2401 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-2401 |
|
|
Description: CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/35017 ST 1018281 SAID Secunia Advisory: SA25786 Secunia Advisory: SA26287 MISC http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt CONFIRM http://docs.info.apple.com/article.html?artnum=306173 http://docs.info.apple.com/article.html?artnum=305759 CERT-VN 845708 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/472198/100/0/threaded BID 24598 APPLE http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html |
|
| Return to the previous page. |
