The host has Apple Safari before 4.0 installed and is prone to a CRLF injection vulnerability. The application fails to properly handle XMLHttpRequest headers in WebKit. Successful exploitation could allow attackers to bypass the same-origin policy by issuing an XMLHttpRequest that does not contain a Host header.
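The class of check whose absence this entry describes is shown below. It is an added example, not code from Safari, WebKit or the original advisory. The function names, the sample headers and the `app.example` URL are constructed for illustration, and the forbidden-name list is a subset of the one in the Fetch standard.

```javascript
// Added example: validate script-supplied request headers before serialising them.
// Header names must match the RFC 7230 "token" grammar; values may not hold CR, LF or NUL.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const BAD_VALUE = /[\r\n\0]/;
// Subset of the Fetch standard's forbidden request-header names (script may not set these).
const FORBIDDEN = new Set(['host', 'content-length', 'connection',
  'transfer-encoding', 'origin', 'referer', 'cookie']);

function checkRequestHeader(name, value) {
  if (typeof name !== 'string' || !TOKEN.test(name)) {
    return { ok: false, reason: 'invalid-name' };
  }
  const lower = name.toLowerCase();
  if (FORBIDDEN.has(lower) || lower.startsWith('proxy-') || lower.startsWith('sec-')) {
    return { ok: false, reason: 'forbidden-name' };
  }
  if (BAD_VALUE.test(String(value))) {
    return { ok: false, reason: 'crlf-in-value' };
  }
  return { ok: true, reason: null };
}

// Build the request head. The Host line is derived from the URL only, so the
// serialised request always carries exactly one Host header for the real origin.
// Assumption: `method` is a fixed, trusted verb such as 'GET'.
function buildRequestHead(method, url, scriptHeaders) {
  const u = new URL(url);
  const lines = [`${method} ${u.pathname}${u.search} HTTP/1.1`, `Host: ${u.host}`];
  const rejected = [];
  for (const [name, value] of scriptHeaders) {
    const verdict = checkRequestHeader(name, value);
    if (verdict.ok) lines.push(`${name}: ${String(value).trim()}`);
    else rejected.push({ name, reason: verdict.reason });
  }
  return { head: lines.join('\r\n') + '\r\n\r\n', rejected };
}

// Constructed sample input: one benign header and three that must be refused.
const SAMPLE_HEADERS = [
  ['X-Trace', 'abc'],
  ['X-Trace-2', 'abc\r\nHost: other.example'],
  ['Host', 'other.example'],
  ['X-A\r\nHost', 'x'],
];
```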