CVE-2007-2404 — Cross-site Scripting in Apple MAC OS X

2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedAug 3

Latest updateMay 1

Description

CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/mac_os_x21 versions+20

▶NVDapple/mac_os_x_server21 versions+20

Patches

Patch: docs.info.apple.com ↗Patch: securitytracker.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-423c-qxjp-p4hr: CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10↗2022-05-01

▶