Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2007-2401 | First vendor Publication | 2007-06-25 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2401 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 36449 | Apple Mac OS X / iPhone WebCore XMLHttpRequest Request CRLF Injection Mac OS X contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTTP headers via LF characters in an XMLHttpRequest request upon submission to the setRequestHeader function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-06-25 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_SecUpd2007-006.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:17:02 |
|
| 2024-11-28 12:12:12 |
|
| 2024-08-02 12:06:48 |
|
| 2024-08-02 01:02:17 |
|
| 2024-02-02 01:06:26 |
|
| 2024-02-01 12:02:16 |
|
| 2023-09-05 12:06:00 |
|
| 2023-09-05 01:02:07 |
|
| 2023-09-02 12:06:07 |
|
| 2023-09-02 01:02:08 |
|
| 2023-08-12 12:07:06 |
|
| 2023-08-12 01:02:08 |
|
| 2023-08-11 12:06:09 |
|
| 2023-08-11 01:02:12 |
|
| 2023-08-06 12:05:51 |
|
| 2023-08-06 01:02:09 |
|
| 2023-08-04 12:05:57 |
|
| 2023-08-04 01:02:12 |
|
| 2023-07-14 12:05:56 |
|
| 2023-07-14 01:02:10 |
|
| 2023-03-29 01:06:37 |
|
| 2023-03-28 12:02:15 |
|
| 2022-10-11 12:05:16 |
|
| 2022-10-11 01:02:00 |
|
| 2022-08-09 17:27:48 |
|
| 2021-09-16 01:03:44 |
|
| 2020-05-23 01:38:09 |
|
| 2020-05-23 00:19:41 |
|
| 2018-10-16 21:19:56 |
|
| 2017-07-29 12:02:12 |
|
| 2016-06-28 16:26:01 |
|
| 2016-04-26 16:04:37 |
|
| 2014-02-17 10:40:02 |
|
| 2013-05-11 10:24:23 |
|
