CVE-2006-5330
Published 2006-10-17
Priority P4 · 33 · medium · CVSS 2.0 score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 22.60% (97.4th percentile)
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | <= 7.0.63 | — |
| adobe | flash_player | <= 7.0_r67 | — |
| adobe | flash_player | <= 9.0.16 | — |
| adobe | flash_player | <= 9.0.28.0 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 5.0 | MEDIUM | — |
Red Hat: security flaw
vendor_redhat · 2006-10-17 · CVSS 5.0 [MEDIUM]
Description: identical to the CVE description above.
GHSA-q79c-rmvv-p2vj: CRLF injection vulnerability in Adobe Flash Player plugin 9
ghsa_unreviewed · 2022-05-01 · [MEDIUM] · CWE-79
Description: identical to the CVE description above.
No detection rules found.
No public exploits indexed.
Bugzilla: CVE-2006-5330 security flaw
bugzilla · 2018-08-16 · CVSS 5.0 [MEDIUM]
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description: identical to the CVE description above.
Bugzilla: CVE-2006-5330 Flash Player HTTP header injection
bugzilla · 2006-12-08 · CVSS 5.0 [MEDIUM]
Adobe released Flash Player 7.0.69.0 which fixes a flaw that allows a malicious flash client to modify the headers of an HTTP client request. This flaw by itself is not a security issue, but can be leveraged to exploit certain proxy and web server flaws.
This flaw also affects the flash player shipped in RHEL3.
Discussion:
This will be RHSA-2006:0756
---
http://porkchop.redhat.com/brewroot/packages/flash-plugin/7.0.69/
Package is built and ready for testing.
I don't know if it has the correct tag for LACD errata, that part is confusing.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/
References
- http://docs.info.apple.com/article.html?artnum=305214
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html
- http://secunia.com/advisories/22467
- http://secunia.com/advisories/23324
- http://secunia.com/advisories/23581
- http://secunia.com/advisories/24479
- http://secunia.com/advisories/25467
- http://securityreason.com/securityalert/1737
- http://securitytracker.com/id?1017078
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1
- http://www.adobe.com/support/security/advisories/apsa06-01.html
- http://www.adobe.com/support/security/bulletins/apsb06-18.html
- http://www.osvdb.org/29863
- http://www.rapid7.com/advisories/R7-0026.jsp
- http://www.redhat.com/support/errata/RHSA-2007-0009.html
- http://www.securityfocus.com/archive/1/448997/100/0/threaded
- http://www.securityfocus.com/bid/20592
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vupen.com/english/advisories/2006/4094
- http://www.vupen.com/english/advisories/2007/0930
- http://www.vupen.com/english/advisories/2007/1999
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29634
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405