CVE-2006-5330
⚪ Do wiadomości
Wstrzyknięcie CRLF w Adobe Flash Player umożliwia modyfikację nagłówków HTTP.
CVSS
5.0
EPSS
17.4%
Exploit
none
Vendor
adobe
Opis źródłowy (NVD)
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 5.0 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 17.4% |
| Opublikowano (NVD) | 2006-10-17 21:07:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-23 00:35:47 UTC |
Referencje
- http://docs.info.apple.com/article.html?artnum=305214 (cve@mitre.org)
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html (cve@mitre.org)
- http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html (cve@mitre.org)
- http://secunia.com/advisories/22467 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/23324 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/23581 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/24479 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/25467 (cve@mitre.org) [Vendor Advisory]
- http://securityreason.com/securityalert/1737 (cve@mitre.org)
- http://securitytracker.com/id?1017078 (cve@mitre.org)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1 (cve@mitre.org)
- http://www.adobe.com/support/security/advisories/apsa06-01.html (cve@mitre.org)
- http://www.adobe.com/support/security/bulletins/apsb06-18.html (cve@mitre.org)
- http://www.osvdb.org/29863 (cve@mitre.org)
- http://www.rapid7.com/advisories/R7-0026.jsp (cve@mitre.org)
- http://www.redhat.com/support/errata/RHSA-2007-0009.html (cve@mitre.org)
- http://www.securityfocus.com/archive/1/448997/100/0/threaded (cve@mitre.org)
- http://www.securityfocus.com/bid/20592 (cve@mitre.org)
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html (cve@mitre.org) [US Government Resource]
- http://www.vupen.com/english/advisories/2006/4094 (cve@mitre.org)
- http://www.vupen.com/english/advisories/2007/0930 (cve@mitre.org)
- http://www.vupen.com/english/advisories/2007/1999 (cve@mitre.org)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29634 (cve@mitre.org)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405 (cve@mitre.org)