Home > Vulnerability Database > CVE-2006-5330

Mend.io Vulnerability Database

CVE-2006-5330

Date: October 17, 2006

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

Severity Score

5.3

Related Resources (27)

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-5330

Url: http://www.securityfocus.com/bid/20592

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-5330

Url: http://securityreason.com/securityalert/1737

Url: http://secunia.com/advisories/22467

Url: http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html

Url: http://securitytracker.com/id?1017078

Url: http://www.us-cert.gov/cas/techalerts/TA07-072A.html

Url: http://www.vupen.com/english/advisories/2007/1999

Url: http://www.osvdb.org/29863

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405

Url: http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0009.html

Url: http://www.vupen.com/english/advisories/2006/4094

Url: http://www.securityfocus.com/archive/1/448997/100/0/threaded

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1

Url: http://docs.info.apple.com/article.html?artnum=305214

Url: http://www.adobe.com/support/security/bulletins/apsb06-18.html

Url: http://www.rapid7.com/advisories/R7-0026.jsp

Url: http://www.vupen.com/english/advisories/2007/0930

Url: http://secunia.com/advisories/23324

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/29634

Url: http://secunia.com/advisories/24479

Url: http://www.adobe.com/support/security/advisories/apsa06-01.html

Url: http://secunia.com/advisories/23581

Url: http://secunia.com/advisories/25467

Url: https://www.mend.io/vulnerability-database/CVE-2006-5330

Severity Score

5.3

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-5330

Date: October 17, 2006

Severity Score

Related Resources (27)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?