ID

VAR-200706-0349

CVE

CVE-2007-2401

TITLE

Apple Safari cross-domain HTTP redirection race condition

DESCRIPTION

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Apple WebCore is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may exploit this issue by enticing victims into visiting a malicious website. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The iPhone is a smartphone developed by Capsule Corporation. There are multiple security holes in the implementation of the iPhone, which can lead to malicious operation of the browser or information leakage. The specific vulnerability entries are as follows: * CVE-2007-2401 XMLHttpRequest of the WebCore software package has a vulnerability in processing HTTP request headers, resulting in cross-site scripting. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Apple iPhone Multiple Vulnerabilities SECUNIA ADVISORY ID: SA26287 VERIFY ADVISORY: http://secunia.com/advisories/26287/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, Spoofing, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple iPhone 1.x http://secunia.com/product/15128/ DESCRIPTION: Some vulnerabilities have been reported in Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, and potentially to compromise a vulnerable system. 2) A boundary error in the Perl Compatible Regular Expressions (PCRE) library used by the Javascript engine in Safari can be exploited to cause a heap-based buffer overflow when a user visits a malicious web page. Successful exploitation may allow execution of arbitrary code. 3) An HTTP injection issue in XMLHttpRequest can be exploited to inject arbitrary HTTP requests. For more information see vulnerability #2 in: SA25786 4) An error in WebKit within in the handling of International Domain Name (IDN) support and Unicode fonts embedded in Safari can be exploited to spoof a URL by registering domain names with certain international characters that resembles other commonly used characters. 5) An invalid type conversion when rendering frame sets may allow execution of arbitrary code. For more information see vulnerability #1 in: SA25786 SOLUTION: Update to version 1.0.1 (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. 2) The vendor credits Charlie Miller and Jake Honoroff of Independent Security Evaluators. 3) The vendor credits Richard Moore, Westpoint Ltd. 5) The vendor credits Rhys Kidd, Westnet. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306173 OTHER REFERENCES: SA25786: http://secunia.com/advisories/25786/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

XSS

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Richard Moore of Westpoint Ltd is credited with the discovery of this vulnerability.

SOURCES

LAST UPDATE DATE

2024-08-14T12:39:54.386000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE