CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-06-25T19:00:00
Updated: 2018-10-16T14:57:01
Reserved: 2007-04-30T00:00:00
Link: CVE-2007-2401
NVD Information
Status: Modified
Published: 2007-06-25T19:30:00.000
Modified: 2022-08-09T13:46:58.447
Link: CVE-2007-2401