Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-5330 | First vendor Publication | 2006-10-17 |
Vendor | Cve | Last vendor Modification | 2018-10-17 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5330 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11405 | |||
Oval ID: | oval:org.mitre.oval:def:11405 | ||
Title: | CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. | ||
Description: | CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5330 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux Extras 3 Red Hat Enterprise Linux Extras 4 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29863 | Adobe Flash Player HTTP Header CRLF Injection Flash Player contains a flaw related to the sanitization of input passed to the XML.addRequestHeader function and the XML.contentType attribute. Successful exploitation of this vulnerability would allow an attacker to perform cross-site request forgery, thus bypassing normal domain security measures. No further details have been provided. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0009.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-2969.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-2357.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_flash-player-2359.nasl - Type : ACT_GATHER_INFO |
2007-03-13 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_9.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_077.nasl - Type : ACT_GATHER_INFO |
2006-12-15 | Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb06-18.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:04:43 |
|
2021-04-22 01:05:20 |
|
2020-05-24 01:02:54 |
|
2020-05-23 00:18:33 |
|
2018-10-30 12:01:59 |
|
2018-10-18 00:19:44 |
|
2018-03-07 12:01:10 |
|
2017-10-11 09:23:46 |
|
2017-07-20 09:23:57 |
|
2016-06-28 15:58:59 |
|
2016-04-26 15:11:26 |
|
2014-02-17 10:37:33 |
|
2013-05-11 11:11:37 |
|