Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

Published

2006-10-17T21:07:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	flash_player	≤ 7.0.63	Yes
Application	adobe	flash_player	≤ 7.0_r67	Yes
Application	adobe	flash_player	≤ 9.0.16	Yes
Application	adobe	flash_player	≤ 9.0.28.0	Yes

References

http://docs.info.apple.com/article.html?artnum=305214 ([email protected])
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html ([email protected])
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html ([email protected])
http://secunia.com/advisories/22467 Vendor Advisory ([email protected])
http://secunia.com/advisories/23324 Vendor Advisory ([email protected])
http://secunia.com/advisories/23581 Vendor Advisory ([email protected])
http://secunia.com/advisories/24479 Vendor Advisory ([email protected])
http://secunia.com/advisories/25467 Vendor Advisory ([email protected])
http://securityreason.com/securityalert/1737 ([email protected])
http://securitytracker.com/id?1017078 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1 ([email protected])
http://www.adobe.com/support/security/advisories/apsa06-01.html ([email protected])
http://www.adobe.com/support/security/bulletins/apsb06-18.html ([email protected])
http://www.osvdb.org/29863 ([email protected])
http://www.rapid7.com/advisories/R7-0026.jsp ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0009.html ([email protected])
http://www.securityfocus.com/archive/1/448997/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/20592 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA07-072A.html US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2006/4094 ([email protected])
http://www.vupen.com/english/advisories/2007/0930 ([email protected])
http://www.vupen.com/english/advisories/2007/1999 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/29634 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405 ([email protected])
http://docs.info.apple.com/article.html?artnum=305214 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22467 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23324 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23581 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24479 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25467 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/1737 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017078 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/advisories/apsa06-01.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/security/bulletins/apsb06-18.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/29863 (af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/advisories/R7-0026.jsp (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0009.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/448997/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/20592 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA07-072A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/4094 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0930 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1999 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29634 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405 (af854a3a-2127-422b-91ae-364da2661108)