[email protected]CVE-2006-5330

HistoryOct 17, 2006 - 9:07 p.m.

CVE-2006-5330

2006-10-1721:07:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

crlf injection

adobe flash player

vulnerability

http headers

actionscript

xml

http request splitting

nvd

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.015 Low

EPSS

Percentile

86.6%

JSON

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle7.0_r67
adobe:flash_playeradobe flash playerle7.0.63
adobe:flash_playeradobe flash playerle9.0.16
adobe:flash_playeradobe flash playerle9.0.28.0

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	7.0_r67
adobe:flash_player	adobe flash player	le	7.0.63
adobe:flash_player	adobe flash player	le	9.0.16
adobe:flash_player	adobe flash player	le	9.0.28.0

References

docs.info.apple.com/article.html?artnum=305214

lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html

secunia.com/advisories/22467

secunia.com/advisories/23324

secunia.com/advisories/23581

secunia.com/advisories/24479

secunia.com/advisories/25467

securityreason.com/securityalert/1737

securitytracker.com/id?1017078

sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1

www.adobe.com/support/security/advisories/apsa06-01.html

www.adobe.com/support/security/bulletins/apsb06-18.html

www.osvdb.org/29863

www.rapid7.com/advisories/R7-0026.jsp

www.redhat.com/support/errata/RHSA-2007-0009.html

www.securityfocus.com/archive/1/448997/100/0/threaded

www.securityfocus.com/bid/20592

www.us-cert.gov/cas/techalerts/TA07-072A.html

www.vupen.com/english/advisories/2006/4094

www.vupen.com/english/advisories/2007/0930

www.vupen.com/english/advisories/2007/1999

exchange.xforce.ibmcloud.com/vulnerabilities/29634

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.015 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2006-5330

nessus7 ubuntucve1 redhat1 suse1