Apple · CFNetwork · CVE-2007-2404
**Name of the Vulnerable Software and Affected Versions**
CFNetwork on Apple Mac OS X versions 10.3.9 and 10.4.10 before 20070731
**Description**
The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences, which can be leveraged for cross-site scripting (XSS) attacks.
**Recommendations**
For CFNetwork on Apple Mac OS X versions 10.3.9 and 10.4.10 before 20070731, update to a version released after 20070731 to resolve the issue.