Lucene search

K

MitreCVELIST:CVE-2007-2401

HistoryJun 25, 2007 - 7:00 p.m.

CVE-2007-2401

2007-06-2519:00:00

mitre

www.cve.org

6

AI Score

5.7

Confidence

High

EPSS

0.014

Percentile

86.5%

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.

References

docs.info.apple.com/article.html?artnum=305759

docs.info.apple.com/article.html?artnum=306173

lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html

osvdb.org/36449

secunia.com/advisories/25786

secunia.com/advisories/26287

www.kb.cert.org/vuls/id/845708

www.securityfocus.com/archive/1/472198/100/0/threaded

www.securityfocus.com/bid/24598

www.securitytracker.com/id?1018281

www.vupen.com/english/advisories/2007/2296

www.vupen.com/english/advisories/2007/2316

www.vupen.com/english/advisories/2007/2731

www.westpoint.ltd.uk/advisories/wp-07-0002.txt

exchange.xforce.ibmcloud.com/vulnerabilities/35017

AI Score

5.7

Confidence

High

EPSS

0.014

Percentile

86.5%

Related for CVELIST:CVE-2007-2401

prion1 exploitdb1 nvd1 securityvulns1 cve1 cert1 nessus1 seebug1