Vulnerability Name:

CVE-2007-2401 (CCN-35017)

Assigned: 2007-06-22
Published: 2007-06-22
Updated: 2022-08-09
Summary: CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function.
Note: this issue can be leveraged for cross-site scripting (XSS) attacks.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2007-2401

Source: CCN
Type: Apple Security Update 2007-006
About Security Update 2007-006

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=305759

Source: CCN
Type: iPhone v1.0.1 Update
About the security content of iPhone v1.0.1 Update

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=306173

Source: CCN
Type: Apple Web site
Apple security updates

Source: APPLE
Type: Patch
APPLE-SA-2007-06-22

Source: CCN
Type: APPLE-SA-2007-06-22
Safari 3 Beta Update 3.0.2

Source: OSVDB
Type: UNKNOWN
36449

Source: SECUNIA
Type: Patch, Vendor Advisory
25786

Source: CCN
Type: SA26287
Apple iPhone Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
26287

Source: CCN
Type: SECTRACK ID: 1018281
Mac OS X WebKit and WebCore Bugs Permit Cross-Domain Scripting Attacks and Remote Code Execution

Source: CCN
Type: US-CERT VU#845708
Apple WebCore XMLHttpRequest fails to properly serialize headers into an HTTP request

Source: CERT-VN
Type: US Government Resource
VU#845708

Source: CCN
Type: OSVDB ID: 36449
Apple Mac OS X / iPhone WebCore XMLHttpRequest Request CRLF Injection

Source: BUGTRAQ
Type: UNKNOWN
20070625 Safari XMLHttpRequest HTTP header injection

Source: BID
Type: Patch
24598

Source: CCN
Type: BID-24598
Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability

Source: SECTRACK
Type: Patch
1018281

Source: VUPEN
Type: UNKNOWN
ADV-2007-2296

Source: VUPEN
Type: UNKNOWN
ADV-2007-2316

Source: VUPEN
Type: UNKNOWN
ADV-2007-2731

Source: MISC
Type: Patch, Vendor Advisory
http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt

Source: XF
Type: UNKNOWN
macos-xmlhttprequest-header-injection(35017)

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version <= 1.0)
  • AND
  • cpe:/o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:apple:iphone_os:1.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
  • apple iphone os *
  • apple mac os x server 10.4.9
  • apple mac os x 10.4.9
  • apple mac os x server 10.3.9
  • apple mac os x 10.3.9
  • apple iphone 1.0