5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.015 Low
EPSS
Percentile
86.7%
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and
earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for
Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to
modify HTTP headers of client requests and conduct HTTP Request Splitting
attacks via CRLF sequences in arguments to the ActionScript functions (1)
XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the
attack varies depending on the type of web browser being used.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 7.04 | noarch | flashplugin-nonfree | < 9.0.31.0.1 | UNKNOWN |
ubuntu | 7.10 | noarch | flashplugin-nonfree | < 9.0.31.0.1 | UNKNOWN |
ubuntu | 8.04 | noarch | flashplugin-nonfree | < 9.0.31.0.1 | UNKNOWN |
ubuntu | 8.10 | noarch | flashplugin-nonfree | < 9.0.31.0.1 | UNKNOWN |
ubuntu | 9.04 | noarch | flashplugin-nonfree | < 9.0.31.0.1 | UNKNOWN |
ubuntu | 9.10 | noarch | flashplugin-nonfree | < 9.0.31.0.1 | UNKNOWN |