Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
secunia.com/advisories/28157
secunia.com/advisories/28161
secunia.com/advisories/28213
secunia.com/advisories/28570
secunia.com/advisories/30507
securitytracker.com/id?1019116
sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
www.adobe.com/support/security/bulletins/apsb07-20.html
www.gentoo.org/security/en/glsa/glsa-200801-07.xml
www.redhat.com/support/errata/RHSA-2007-1126.html
www.securityfocus.com/bid/26929
www.securityfocus.com/bid/26969
www.us-cert.gov/cas/techalerts/TA07-355A.html
www.vupen.com/english/advisories/2007/4258
www.vupen.com/english/advisories/2008/1724/references
exchange.xforce.ibmcloud.com/vulnerabilities/39134
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9546