CVE-2007-2401
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.018 Low
EPSS
Percentile
88.1%
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
References
docs.info.apple.com/article.html?artnum=305759
docs.info.apple.com/article.html?artnum=306173
lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
osvdb.org/36449
secunia.com/advisories/25786
secunia.com/advisories/26287
www.kb.cert.org/vuls/id/845708
www.securityfocus.com/archive/1/472198/100/0/threaded
www.securityfocus.com/bid/24598
www.securitytracker.com/id?1018281
www.vupen.com/english/advisories/2007/2296
www.vupen.com/english/advisories/2007/2316
www.vupen.com/english/advisories/2007/2731
www.westpoint.ltd.uk/advisories/wp-07-0002.txt
exchange.xforce.ibmcloud.com/vulnerabilities/35017
Related
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.018 Low
EPSS
Percentile
88.1%