NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-5330

Summary	CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.
Publication Date	Oct. 18, 2006, 6:07 a.m.
Registration Date	Jan. 29, 2021, 3:47 p.m.
Last Update	Oct. 18, 2018, 6:42 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player:::linux:::::*			7.0.63
cpe:2.3:a:adobe:flash_player:::solaris:::::*			7.0_r67
cpe:2.3:a:adobe:flash_player:::windows:::::*			9.0.16
cpe:2.3:a:adobe:flash_player:::mac_os_x:::::*			9.0.28.0

Related information, measures and tools

No	URL	refsource	タグ
1	http://docs.info.apple.com/article.html?artnum=305214	CONFIRM
2	http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html	APPLE
3	http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html	SUSE
4	http://secunia.com/advisories/22467	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/23324	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/23581	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/24479	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/25467	SECUNIA	Vendor Advisory
9	http://securityreason.com/securityalert/1737	SREASON
10	http://securitytracker.com/id?1017078	SECTRACK
11	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1	SUNALERT
12	http://www.adobe.com/support/security/advisories/apsa06-01.html	CONFIRM
13	http://www.adobe.com/support/security/bulletins/apsb06-18.html	CONFIRM
14	http://www.osvdb.org/29863	OSVDB
15	http://www.rapid7.com/advisories/R7-0026.jsp	MISC
16	http://www.redhat.com/support/errata/RHSA-2007-0009.html	REDHAT
17	http://www.securityfocus.com/archive/1/448997/100/0/threaded	BUGTRAQ
18	http://www.securityfocus.com/bid/20592	BID
19	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	CERT	US Government Resource
20	http://www.vupen.com/english/advisories/2006/4094	VUPEN
21	http://www.vupen.com/english/advisories/2007/0930	VUPEN
22	http://www.vupen.com/english/advisories/2007/1999	VUPEN
23	https://exchange.xforce.ibmcloud.com/vulnerabilities/29634	XF
24	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html