CVE-2006-5330

Severity: Unknown | EPSS: 22.60%

Last modified

CVE-2006-5330 is a vulnerability of currently unknown severity. CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. EPSS estimates a 22.60% chance of exploitation in the next 30 days.

Description

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

Metrics

EPSS Probability: 22.60% (97.4th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor   Product        Versions
Adobe    Flash Player   <= 7.0.63
Adobe    Flash Player   <= 7.0_r67
Adobe    Flash Player   <= 9.0.16
Adobe    Flash Player   <= 9.0.28.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-5330?
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.
How severe is CVE-2006-5330?
Severity scoring for CVE-2006-5330 is pending analysis. The EPSS model estimates a 22.60% probability of exploitation in the next 30 days.
How do I fix CVE-2006-5330?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.


Source: NVD / NIST