Japan Vulnerability NotesJVN:72595280JVN#72595280 Flash Player allows to send arbitrary Referer headers
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.019 Low
EPSS
Percentile
88.6%
Adobe Flash Player is a multimedia and application browser plugin for viewing Adobe Flash contents.
Flash Player contains a vulnerability allowing to send arbitrary Referer headers.
Impact
As a flash file (swf) can send an arbitrary Referer header and Flash Player cannot properly validate Referer header sent by swf, a remote attacker could bypass a security measure on a web application applied based on the Referer header.
Solution
Update the Software
Update to the latest version provided by the vendor.
For more information, refer to the vendor’s website.
Products Affected
- Flash Player 8.0.34.0 and earlier
For more information, refer to the vendor’s website.
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.019 Low
EPSS
Percentile
88.6%