CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
docs.info.apple.com/article.html?artnum=305759
docs.info.apple.com/article.html?artnum=306173
lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
osvdb.org/36449
secunia.com/advisories/25786
secunia.com/advisories/26287
www.kb.cert.org/vuls/id/845708
www.securityfocus.com/archive/1/472198/100/0/threaded
www.securityfocus.com/bid/24598
www.securitytracker.com/id?1018281
www.vupen.com/english/advisories/2007/2296
www.vupen.com/english/advisories/2007/2316
www.vupen.com/english/advisories/2007/2731
www.westpoint.ltd.uk/advisories/wp-07-0002.txt
exchange.xforce.ibmcloud.com/vulnerabilities/35017
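
The missing filter described in the entry above, shown as an added example that is not code from WebCore or from any of the referenced advisories: an unfiltered header serializer beside one that rejects CR, LF and NUL before serializing. The function names, the lenient receiver and the sample header are assumptions constructed for illustration.

```javascript
// Hypothetical names throughout; this is not WebCore's implementation.

// Unfiltered serialization: each value is copied into the request verbatim.
function serializeNaive(headers) {
  return headers.map(([name, value]) => `${name}: ${value}\r\n`).join('') + '\r\n';
}

// Header names must be RFC 7230 tokens; values must not carry CR, LF or NUL.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const BAD_VALUE = /[\r\n\0]/;

// Checked serialization: refuse the whole request if any header is malformed.
function serializeChecked(headers) {
  for (const [name, value] of headers) {
    if (!TOKEN.test(name)) {
      throw new SyntaxError(`invalid header name: ${JSON.stringify(name)}`);
    }
    if (BAD_VALUE.test(String(value))) {
      throw new SyntaxError(`control character in value of ${name}`);
    }
  }
  return serializeNaive(headers);
}

// Receiver side: RFC 7230 section 3.5 lets a recipient treat a bare LF as a
// line terminator, so a filter that only looks for CRLF pairs is not enough.
function parseLenient(block) {
  const out = [];
  for (const line of block.split(/\r?\n/)) {
    if (line === '') break; // blank line ends the header block
    const i = line.indexOf(':');
    if (i > 0) out.push([line.slice(0, i).trim(), line.slice(i + 1).trim()]);
  }
  return out;
}

// Constructed sample: a single header whose value contains a lone LF.
const SAMPLE = [['X-Note', 'hello\nX-Injected: yes']];

// Returns the header names the receiver sees after naive serialization,
// and whether the checked serializer refused the same input.
function demo() {
  const seen = parseLenient(serializeNaive(SAMPLE)).map(([n]) => n);
  let rejected = false;
  try { serializeChecked(SAMPLE); } catch (e) { rejected = e instanceof SyntaxError; }
  return { seen, rejected };
}

console.log(demo());
```

Rejecting the request outright, rather than stripping the offending characters, avoids sending a silently altered header value.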