exploitDog

CVE-2007-2401

Published: 25 Jun 2007
Source: nvd
CVSS2: 4.3
EPSS: Low

Description

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.

Vulnerable configurations

Configuration 1

All of

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Version up to 1.0 (inclusive)

One of

cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*

EPSS

Percentile: 87%
0.03181
Low

4.3 Medium

CVSS2

Weaknesses

CWE-79

Related vulnerabilities

github
almost 4 years ago

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.

EPSS

Percentile: 87%
0.03181
Low

4.3 Medium

CVSS2

Weaknesses

CWE-79