CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-08-03 03:17
Updated : 2017-07-28 18:31
NVD link : CVE-2007-2404
Mitre link : CVE-2007-2404
JSON object : View
CWE
Products Affected
apple
- mac_os_x
- mac_os_x_server