Apple WebCore XMLHTTPRequest Cross-Site Scripting Vulnerability

Bugtraq ID:	24598
Class:	Input Validation Error
CVE:	CVE-2007-2401
Remote:	Yes
Local:	No
Published:	Jun 22 2007 12:00AM
Updated:	Aug 01 2007 06:55PM
Credit:	Richard Moore of Westpoint Ltd is credited with the discovery of this vulnerability.
Vulnerable:	WebKit Open Source Project WebKit 0 Apple Safari 3.0.2 Beta for Windows Apple Safari 3.0.1 Beta for Windows Apple Safari 2.0.4 Apple Safari 2.0.3 Apple Safari 2.0.2 Apple Safari 2.0.1 + Apple Mac OS X 10.4.2 + Apple Mac OS X 10.4.1 + Apple Mac OS X 10.4 + Apple Mac OS X Server 10.4.2 + Apple Mac OS X Server 10.4.1 + Apple Mac OS X Server 10.4 Apple Safari 1.3.1 + Apple Mac OS X 10.3.9 Apple Safari 1.3 + Apple Mac OS X 10.3.9 Apple Safari 1.2.3 Apple Safari 1.2.2 Apple Safari 1.2.1 Apple Safari 1.2 + Apple Mac OS X 10.3.7 + Apple Mac OS X 10.3.7 + Apple Mac OS X 10.3.6 + Apple Mac OS X 10.3.6 + Apple Mac OS X 10.3.5 + Apple Mac OS X 10.3.5 + Apple Mac OS X 10.3.4 + Apple Mac OS X 10.3.4 + Apple Mac OS X 10.3.3 + Apple Mac OS X 10.3.3 + Apple Mac OS X 10.3.2 + Apple Mac OS X 10.3.2 + Apple Mac OS X 10.3.1 + Apple Mac OS X 10.3.1 + Apple Mac OS X 10.3 + Apple Mac OS X 10.3 + Apple Mac OS X 10.2.8 + Apple Mac OS X 10.2.8 + Apple Mac OS X 10.2.7 + Apple Mac OS X 10.2.7 + Apple Mac OS X 10.2.6 + Apple Mac OS X 10.2.6 + Apple Mac OS X 10.2.5 + Apple Mac OS X 10.2.5 + Apple Mac OS X 10.2.4 + Apple Mac OS X 10.2.4 + Apple Mac OS X 10.2.3 + Apple Mac OS X 10.2.3 + Apple Mac OS X 10.2.2 + Apple Mac OS X 10.2.2 + Apple Mac OS X 10.2.1 + Apple Mac OS X 10.2.1 + Apple Mac OS X 10.2 + Apple Mac OS X 10.2 + Apple Mac OS X Server 10.3.7 + Apple Mac OS X Server 10.3.6 + Apple Mac OS X Server 10.3.6 + Apple Mac OS X Server 10.3.5 + Apple Mac OS X Server 10.3.5 + Apple Mac OS X Server 10.3.4 + Apple Mac OS X Server 10.3.4 + Apple Mac OS X Server 10.3.3 + Apple Mac OS X Server 10.3.3 + Apple Mac OS X Server 10.3.2 + Apple Mac OS X Server 10.3.2 + Apple Mac OS X Server 10.3.1 + Apple Mac OS X Server 10.3.1 + Apple Mac OS X Server 10.3 + Apple Mac OS X Server 10.3 + Apple Mac OS X Server 10.2.8 + Apple Mac OS X Server 10.2.8 + Apple Mac OS X Server 10.2.7 + Apple Mac OS X Server 10.2.7 + Apple Mac OS X Server 10.2.6 + Apple Mac OS X Server 10.2.6 + Apple Mac OS X Server 10.2.5 + Apple Mac OS X Server 10.2.5 + Apple Mac OS X Server 10.2.4 + Apple Mac OS X Server 10.2.4 + Apple Mac OS X Server 10.2.3 + Apple Mac OS X Server 10.2.3 + Apple Mac OS X Server 10.2.2 + Apple Mac OS X Server 10.2.2 + Apple Mac OS X Server 10.2.1 + Apple Mac OS X Server 10.2.1 + Apple Mac OS X Server 10.2 + Apple Mac OS X Server 10.2 Apple Safari 1.1 Apple Safari 1.0 + Apple Mac OS X 10.2.8 + Apple Mac OS X 10.2.8 + Apple Mac OS X 10.2.7 + Apple Mac OS X 10.2.7 + Apple Mac OS X 10.2.6 + Apple Mac OS X 10.2.6 + Apple Mac OS X 10.2.5 + Apple Mac OS X 10.2.5 + Apple Mac OS X 10.2.4 + Apple Mac OS X 10.2.4 + Apple Mac OS X 10.2.3 + Apple Mac OS X 10.2.3 + Apple Mac OS X 10.2.2 + Apple Mac OS X 10.2.2 + Apple Mac OS X 10.2.1 + Apple Mac OS X 10.2.1 + Apple Mac OS X 10.2 + Apple Mac OS X 10.2 + Apple Mac OS X Server 10.2.8 + Apple Mac OS X Server 10.2.7 + Apple Mac OS X Server 10.2.7 + Apple Mac OS X Server 10.2.6 + Apple Mac OS X Server 10.2.6 + Apple Mac OS X Server 10.2.5 + Apple Mac OS X Server 10.2.5 + Apple Mac OS X Server 10.2.4 + Apple Mac OS X Server 10.2.4 + Apple Mac OS X Server 10.2.3 + Apple Mac OS X Server 10.2.3 + Apple Mac OS X Server 10.2.2 + Apple Mac OS X Server 10.2.2 + Apple Mac OS X Server 10.2.1 + Apple Mac OS X Server 10.2.1 + Apple Mac OS X Server 10.2 + Apple Mac OS X Server 10.2 Apple Safari 3 Beta for Windows Apple Safari 3 Beta Apple Mobile Safari 0 + Apple Mac OS X 10.4.2 + Apple Mac OS X 10.4.2 + Apple Mac OS X 10.4.1 + Apple Mac OS X 10.4.1 + Apple Mac OS X 10.4 + Apple Mac OS X 10.4 + Apple Mac OS X Server 10.4.2 + Apple Mac OS X Server 10.4.1 + Apple Mac OS X Server 10.4.1 + Apple Mac OS X Server 10.4 + Apple Mac OS X Server 10.4 Apple iPhone 1

Not Vulnerable:	Apple iPhone 1.0.1