
CVE-2006-5330
Date: (C)2006-10-17   (M)2023-12-22


CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1017078
SUNALERT-102932
SREASON-1737
http://www.securityfocus.com/archive/1/archive/1/448997/100/0/threaded
BID-20592
SECUNIA-22467
SECUNIA-23324
SECUNIA-23581
SECUNIA-24479
SECUNIA-25467
OSVDB-29863
ADV-2006-4094
ADV-2007-0930
ADV-2007-1999
APPLE-SA-2007-03-13
RHSA-2007:0009
SUSE-SA:2006:077
TA07-072A
flashplayer-multiple-xsrf(29634)
http://docs.info.apple.com/article.html?artnum=305214
http://www.adobe.com/support/security/advisories/apsa06-01.html
http://www.adobe.com/support/security/bulletins/apsb06-18.html
http://www.rapid7.com/advisories/R7-0026.jsp

CWE:
CWE-79

© SecPod Technologies