CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-08-03 10:17
Updated : 2024-02-28 11:01
NVD link : CVE-2007-2404
Mitre link : CVE-2007-2404
CVE.ORG link : CVE-2007-2404
JSON object : View
Products Affected
apple
- mac_os_x
- mac_os_x_server
CWE