CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
90.9%
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | flash_player | 7.0 | cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:* |
adobe | flash_player | 8.0 | cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:* |
adobe | flash_player | 9.0 | cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
secunia.com/advisories/28157
secunia.com/advisories/28161
secunia.com/advisories/28213
secunia.com/advisories/28570
secunia.com/advisories/30507
securitytracker.com/id?1019116
sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
www.adobe.com/support/security/bulletins/apsb07-20.html
www.gentoo.org/security/en/glsa/glsa-200801-07.xml
www.redhat.com/support/errata/RHSA-2007-1126.html
www.securityfocus.com/bid/26929
www.securityfocus.com/bid/26969
www.us-cert.gov/cas/techalerts/TA07-355A.html
www.vupen.com/english/advisories/2007/4258
www.vupen.com/english/advisories/2008/1724/references
exchange.xforce.ibmcloud.com/vulnerabilities/39134
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9546