CVE-2007-2401

N/A Unknown
Published: June 25, 2007 Modified: April 23, 2026

Description

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://osvdb.org/36449
Source: cve@mitre.org
http://secunia.com/advisories/25786
Source: cve@mitre.org
Patch Vendor Advisory
http://secunia.com/advisories/26287
Source: cve@mitre.org
Vendor Advisory
http://www.kb.cert.org/vuls/id/845708
Source: cve@mitre.org
US Government Resource
http://www.securityfocus.com/bid/24598
Source: cve@mitre.org
Patch
http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt
Source: cve@mitre.org
Patch Vendor Advisory
http://docs.info.apple.com/article.html?artnum=305759
Source: af854a3a-2127-422b-91ae-364da2661108
http://docs.info.apple.com/article.html?artnum=306173
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://osvdb.org/36449
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/25786
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://secunia.com/advisories/26287
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.kb.cert.org/vuls/id/845708
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.securityfocus.com/archive/1/472198/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/24598
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1018281
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.vupen.com/english/advisories/2007/2296
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/2316
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/2731
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35017
Source: af854a3a-2127-422b-91ae-364da2661108

30 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
3.3%
87th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

apple