CVE-2007-2401 - OpenCVE

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X Mac Os X Server

Configuration 1 [-]

AND

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.9:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=305759
http://docs.info.apple.com/article.html?artnum=306173
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
http://osvdb.org/36449
http://secunia.com/advisories/25786
http://secunia.com/advisories/26287
http://www.kb.cert.org/vuls/id/845708
http://www.securityfocus.com/archive/1/472198/100/0/threaded
http://www.securityfocus.com/bid/24598
http://www.securitytracker.com/id?1018281
http://www.vupen.com/english/advisories/2007/2296
http://www.vupen.com/english/advisories/2007/2316
http://www.vupen.com/english/advisories/2007/2731
http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/35017

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-25T19:00:00

Updated: 2024-08-07T13:33:28.923Z

Reserved: 2007-04-30T00:00:00

Link: CVE-2007-2401

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-25T19:30:00.000

Modified: 2022-08-09T13:46:58.447

Link: CVE-2007-2401

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-2316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"name": "macos-xmlhttprequest-header-injection(35017)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35017"}, {"name": "APPLE-SA-2007-06-22", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"}, {"name": "25786", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25786"}, {"tags": ["x_refsource_MISC"], "url": "http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt"}, {"name": "26287", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26287"}, {"name": "20070625 Safari XMLHttpRequest HTTP header injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/472198/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305759"}, {"name": "24598", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24598"}, {"name": "ADV-2007-2731", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2731"}, {"name": "36449", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36449"}, {"name": "1018281", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018281"}, {"name": "ADV-2007-2296", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2296"}, {"name": "VU#845708", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/845708"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2401", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-2316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"name": "http://docs.info.apple.com/article.html?artnum=306173", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"name": "macos-xmlhttprequest-header-injection(35017)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35017"}, {"name": "APPLE-SA-2007-06-22", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"}, {"name": "25786", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25786"}, {"name": "http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt", "refsource": "MISC", "url": "http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt"}, {"name": "26287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26287"}, {"name": "20070625 Safari XMLHttpRequest HTTP header injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/472198/100/0/threaded"}, {"name": "http://docs.info.apple.com/article.html?artnum=305759", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305759"}, {"name": "24598", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24598"}, {"name": "ADV-2007-2731", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2731"}, {"name": "36449", "refsource": "OSVDB", "url": "http://osvdb.org/36449"}, {"name": "1018281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018281"}, {"name": "ADV-2007-2296", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2296"}, {"name": "VU#845708", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/845708"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.923Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-2316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"name": "macos-xmlhttprequest-header-injection(35017)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35017"}, {"name": "APPLE-SA-2007-06-22", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"}, {"name": "25786", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25786"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt"}, {"name": "26287", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26287"}, {"name": "20070625 Safari XMLHttpRequest HTTP header injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/472198/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=305759"}, {"name": "24598", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24598"}, {"name": "ADV-2007-2731", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2731"}, {"name": "36449", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36449"}, {"name": "1018281", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018281"}, {"name": "ADV-2007-2296", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2296"}, {"name": "VU#845708", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/845708"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2401", "datePublished": "2007-06-25T19:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2024-08-07T13:33:28.923Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "6095A36B-BE17-4F65-81E6-2CAFACDF9577", "versionEndIncluding": "1.0", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "8923EE1A-DD48-4EC8-8698-A33093FD709C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "3029892E-1375-4F40-83D3-A51BDC4E9840", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de CRLF en WebCore en Mac OS X las versiones 10.3.9, 10.4.9 y posterior, y iPhone anterior a la versi\u00f3n 1.0.1, permite a atacantes remotos inyectar encabezados HTTP arbitrarios por medio de caracteres LF en una petici\u00f3n XMLHttpRequest, que no se filtran al serializar los encabezados por medio de la funci\u00f3n setRequestHeader. NOTA: este problema puede explotarse por ataques de tipo cross-site scripting (XSS)."}], "id": "CVE-2007-2401", "lastModified": "2022-08-09T13:46:58.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-25T19:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=305759"}, {"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36449"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25786"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26287"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/845708"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/472198/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24598"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securitytracker.com/id?1018281"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2296"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2731"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35017"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}