Apple · Safari · CVE-2012-3696
**Name of the Vulnerable Software and Affected Versions**
Apple Safari versions prior to 6.0
**Description**
A CRLF injection issue exists, allowing remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling.
**Recommendations**
For versions prior to 6.0, update to version 6.0 or later to resolve the issue.