Executive Summary
Summary | |
---|---|
Title | Apple WebCore XMLHttpRequest fails to properly serialize headers into an HTTP request |
Informations | |||
---|---|---|---|
Name | VU#845708 | First vendor Publication | 2007-06-22 |
Vendor | VU-CERT | Last vendor Modification | 2007-06-26 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#845708Apple WebCore XMLHttpRequest fails to properly serialize headers into an HTTP requestOverviewApple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation.I. DescriptionApple WebCore is one of the components of the WebKit web browser engine that is used by Safari, Dashboard, Mail, and other applications. WebCore provides support for the XMLHttpRequest object, which allows dynamic HTML and XML functionality. XMLHttpRequest in WebCore fails to properly serialize headers when creating an HTTP request, which can lead to a cross-domain violation.II. ImpactBy convincing a user to view a specially crafted HTML document (e.g., a web page, an HTML email message, or an email attachment), an attacker may be able to execute script or obtain full access to content in a different domain. The impact is similar to that of a cross-site scripting vulnerability. This includes the ability to spoof or modify web content, access website information such as cookies, or retrieve data from an encrypted HTTPS connection. For a more detailed description of the impact of cross-site scripting vulnerabilities, please see CERT Advisory CA-2000-02.III. SolutionApply an updateThis issue is addressed by Apple Security Update 2007-006 .
References
This vulnerability was reported by Apple, who in turn credit Richard Moore of Westpoint Ltd. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/845708 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36449 | Apple Mac OS X / iPhone WebCore XMLHttpRequest Request CRLF Injection Mac OS X contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTTP headers via LF characters in an XMLHttpRequest request upon submission to the setRequestHeader function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-06-25 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_SecUpd2007-006.nasl - Type : ACT_GATHER_INFO |