The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari prior to 4.0.4 and Google Chrome prior to 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
Vulnerable Product |
---|
apple safari |
google chrome |
apple iphone os |
opensuse opensuse 11.2 |
opensuse opensuse 11.3 |
fedoraproject fedora 11 |
fedoraproject fedora 12 |