
CVE-2006-5330

Published: Oct 17, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

Vendor: n/a
Product: n/a
Versions: affected n/a

References

TA07-072A [third-party-advisory, x_refsource_CERT]
102932 [vendor-advisory, x_refsource_SUNALERT]
22467 [third-party-advisory, x_refsource_SECUNIA]
APPLE-SA-2007-03-13 [vendor-advisory, x_refsource_APPLE]
RHSA-2007:0009 [vendor-advisory, x_refsource_REDHAT]
23324 [third-party-advisory, x_refsource_SECUNIA]
flashplayer-multiple-xsrf(29634) [vdb-entry, x_refsource_XF]
SUSE-SA:2006:077 [vendor-advisory, x_refsource_SUSE]
oval:org.mitre.oval:def:11405 [vdb-entry, signature, x_refsource_OVAL]
25467 [third-party-advisory, x_refsource_SECUNIA]
ADV-2006-4094 [vdb-entry, x_refsource_VUPEN]
29863 [vdb-entry, x_refsource_OSVDB]
20592 [vdb-entry, x_refsource_BID]
ADV-2007-0930 [vdb-entry, x_refsource_VUPEN]
1737 [third-party-advisory, x_refsource_SREASON]
ADV-2007-1999 [vdb-entry, x_refsource_VUPEN]
23581 [third-party-advisory, x_refsource_SECUNIA]
1017078 [vdb-entry, x_refsource_SECTRACK]
24479 [third-party-advisory, x_refsource_SECUNIA]
