CVE-2012-3696 — Improper Input Validation in Apple Safari

CWE-20 — Improper Input Validation2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 40.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedJul 25

Latest updateMay 17

Description

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari5.1.7+76

🔴Vulnerability Details

GHSA

GHSA-wm88-9wvv-gw9c: CRLF injection vulnerability in WebKit in Apple Safari before 6↗2022-05-17

▶