Lucene search

[email protected]NVD:CVE-2006-5330

HistoryOct 17, 2006 - 9:07 p.m.

CVE-2006-5330

2006-10-1721:07:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.015

Percentile

86.9%

JSON

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

Affected configurations

Nvd

Node

adobeflash_playerRange≤7.0.63linux

adobeflash_playerRange≤7.0_r67solaris

adobeflash_playerRange≤9.0.16windows

adobeflash_playerRange≤9.0.28.0mac_os_x

VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:linux:*:*:*:*:*
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:solaris:*:*:*:*:*
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:windows:*:*:*:*:*
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:mac_os_x:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player:::linux:::::*
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player:::solaris:::::*
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player:::windows:::::*
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player:::mac_os_x:::::*

References

docs.info.apple.com/article.html?artnum=305214

lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html

secunia.com/advisories/22467

secunia.com/advisories/23324

secunia.com/advisories/23581

secunia.com/advisories/24479

secunia.com/advisories/25467

securityreason.com/securityalert/1737

securitytracker.com/id?1017078

sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1

www.adobe.com/support/security/advisories/apsa06-01.html

www.adobe.com/support/security/bulletins/apsb06-18.html

www.osvdb.org/29863

www.rapid7.com/advisories/R7-0026.jsp

www.redhat.com/support/errata/RHSA-2007-0009.html

www.securityfocus.com/archive/1/448997/100/0/threaded

www.securityfocus.com/bid/20592

www.us-cert.gov/cas/techalerts/TA07-072A.html

www.vupen.com/english/advisories/2006/4094

www.vupen.com/english/advisories/2007/0930

www.vupen.com/english/advisories/2007/1999

exchange.xforce.ibmcloud.com/vulnerabilities/29634

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.015

Percentile

86.9%

JSON

Related for NVD:CVE-2006-5330

cvelist1 nessus7 ubuntucve1 suse1 cve1 redhat1