CVE-2006-5330

EPSS 18.54%
Published 17.10.2006 21:07:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType.  NOTE: the flexibility of the attack varies depending on the type of web browser being used.

Affected products Warnungen 0 Metrics 2 CWE 1 References 27

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Flash Player Editionlinux Version <= 7.0.63

Adobe ≫ Flash Player Editionsolaris Version <= 7.0_r67

Adobe ≫ Flash Player Editionwindows Version <= 9.0.16

Adobe ≫ Flash Player Editionmac_os_x Version <= 9.0.28.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.54%	0.95

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://docs.info.apple.com/article.html?artnum=305214

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

http://secunia.com/advisories/24479

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA07-072A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/0930

http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html

http://secunia.com/advisories/22467

Vendor Advisory

http://secunia.com/advisories/23324

Vendor Advisory