CVE-2006-5330 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-5330 Interim 1 4 2023-12-09T02:17:04Z current 2021-05-30T12:36:55Z 2023-12-09T02:17:04Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-5330 CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSLL3IYNBD2XFCNNYGL5A6AJGZNSF2JZ/#RSLL3IYNBD2XFCNNYGL5A6AJGZNSF2JZ E-Mail link for SUSE-SA:2006:077 https://www.suse.com/support/security/rating/ SUSE Security Ratings CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. CVE-2006-5330 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N