Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Adobe Flash Player fails to properly validate HTTP Referers
Informations
Name VU#138457 First vendor Publication 2007-07-12
Vendor VU-CERT Last vendor Modification 2007-07-16
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#138457

Adobe Flash Player fails to properly validate HTTP Referers

Overview

The Adobe Flash Player fails to properly validate HTTP Referers. This may allow an attacker to conduct cross-site request forgery attacks.

I. Description

Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. HTTP Referer Headers are defined in section 14.36 of RFC 2616:

    The Referer[sic] request-header field allows the client to specify, for the server's benefit, the address (URI) of the resource from which the Request-URI was obtained (the "referrer", although the header field is misspelled.) The Referer request-header allows a server to generate lists of back-links to resources for interest, logging, optimized caching, etc. It also allows obsolete or mistyped links to be traced for maintenance. The Referer field MUST NOT be sent if the Request-URI was obtained from a source that does not have its own URI, such as input from the user keyboard.

Per Adobe Security Bulletin APSB07-12, HTTP Referers are not sufficiently validated in Flash Player 8.0.34.0 and earlier.

II. Impact

An attacker may be able to execute cross-site request forgery attacks.

III. Solution

Apply a patch

Updated versions of the affected software have been published to address this issue. Please see the Systems Affected section of this document for more information.

Systems Affected

VendorStatusDate Updated
AdobeVulnerable12-Jul-2007

References


http://www.adobe.com/support/security/bulletins/apsb07-12.html
http://tools.ietf.org/html/rfc2616#section-14.36
http://secunia.com/advisories/26027/

Credit

Thanks to Adobe for information that was used in this report. Adobe credits Daiki Fukumori of Secure Sky Technology, Inc for reporting the vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public07/10/2007
Date First Published07/12/2007 12:27:25 PM
Date Last Updated07/16/2007
CERT Advisory 
CVE NameCVE-2007-3457
Metric4.32
Document Revision11

Original Source

Url : http://www.kb.cert.org/vuls/id/138457

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:29400
 
Oval ID: oval:org.mitre.oval:def:29400
Title: Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers (CVE-2007-3457)
Description: Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.
Family: windows Class: vulnerability
Reference(s): CVE-2007-3457
 Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Adobe Flash Player
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 49

OpenVAS Exploits

Date Description
2009-01-28 Name : SuSE Update for flash-player SUSE-SA:2007:046
File : nvt/gb_suse_2007_046.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200708-01 (netscape-flash)
File : nvt/glsa_200708_01.nasl
2008-09-04 Name : FreeBSD Ports: linux-flashplugin
File : nvt/freebsd_linux-flashplugin1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
38049 Adobe Flash Player HTTP Referer Header CSRF

Flash Player 9.0.45.0 and earlier allow an attacker to manipulate HTTP referrer headers by way of ActionScript. This allows an attacker to spoof the origin of a request and bypass common filters to prevent CSRF. An attacker could leverage this for to issue a CSRF from outside of the target's domain.

Nessus® Vulnerability Scanner

Date Description
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-3890.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_flash-player-3889.nasl - Type : ACT_GATHER_INFO
2007-08-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200708-01.nasl - Type : ACT_GATHER_INFO
2007-07-18 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_b42e8c3234f611dc9bc9001921ab2fa4.nasl - Type : ACT_GATHER_INFO
2007-07-11 Name : The remote Windows host contains a browser plugin that is affected by multipl...
File : flash_player_apsb07-12.nasl - Type : ACT_GATHER_INFO