CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone prior to 1.0.1, allows remote malicious users to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
Vulnerable Product |
---|
apple mac_os_x_server 10.4.9 |
apple mac_os_x 10.4.9 |
apple mac_os_x_server 10.3.9 |
apple mac_os_x 10.3.9 |
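
The missing filter described in the summary above, shown as an added example (not WebCore's code): a header serializer that writes values verbatim, next to one that rejects CR, LF and NUL before serializing. All function names and the sample header are constructed for illustration, and the receiver is assumed to accept a bare LF as a line terminator.

```javascript
// Added illustration; function names are hypothetical, not WebCore's.

// Serializer with the flaw the advisory describes: header values are
// written to the request verbatim, so an embedded LF starts a new line.
function serializeUnfiltered(headers) {
  return headers.map(([name, value]) => `${name}: ${value}\r\n`).join("") + "\r\n";
}

// HTTP token characters allowed in a field name (RFC 7230).
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// CR, LF and NUL must never appear in a field value.
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

// Hardened serializer: validate before writing, and reject rather than strip
// so the caller learns that its input was malformed.
function serializeChecked(headers) {
  for (const [name, value] of headers) {
    if (!TOKEN.test(name)) throw new SyntaxError(`invalid header name: ${JSON.stringify(name)}`);
    if (FORBIDDEN_IN_VALUE.test(value)) throw new SyntaxError(`invalid value for ${name}`);
  }
  return serializeUnfiltered(headers);
}

// Receiver's view (assumption: it tolerates bare LF as a line terminator):
// split the header block into lines and return the field names it would see.
function headerNamesOnWire(block) {
  return block.split(/\r?\n/).filter(l => l.length > 0).map(l => l.slice(0, l.indexOf(":")));
}

// Constructed sample input: a single header whose value contains an LF.
const SAMPLE = [["X-Note", "hello\nX-Injected: 1"]];

function demo() {
  const seen = headerNamesOnWire(serializeUnfiltered(SAMPLE));
  let rejected = false;
  try { serializeChecked(SAMPLE); } catch (e) { rejected = e instanceof SyntaxError; }
  return { seen, rejected };
}

console.log(demo());
```

The caller set one header, but the unfiltered output carries two field names on the wire; the checked serializer refuses the same input.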