jvndb-2007-000818
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-06-20 13:34
Severity ?
() - -
Summary
Flash Player allows to send arbitrary HTTP headers
Details
Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack. Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack. This vulnerability is different from JVN#72595280.
References
JVN http://jvn.jp/en/jp/JVN50876069/index.html
JVNTR https://jvn.jp/en/tr/TRTA07-355A/index.html
JVNTR https://jvn.jp/en/tr/TRTA08-100A/
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245
NVD http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6245
CERT-SA http://www.us-cert.gov/cas/alerts/SA08-100A.html
CERT-SA http://www.us-cert.gov/cas/alerts/SA07-355A.html
CERT-TA http://www.us-cert.gov/cas/techalerts/TA08-100A.html
CERT-TA http://www.us-cert.gov/cas/techalerts/TA07-355A.html
SECUNIA http://secunia.com/advisories/28161
XF http://xforce.iss.net/xforce/xfdb/39134
SECTRACK http://securitytracker.com/id?1019116
FRSIRT http://www.frsirt.com/english/advisories/2007/4258
Buffer Errors(CWE-119) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Adobe Inc.Adobe Flash Player
Red Hat, Inc.Red Hat Enterprise Linux Extras
Red Hat, Inc.RHEL Desktop Supplementary
Red Hat, Inc.RHEL Supplementary
Sun Microsystems, Inc.OpenSolaris
Sun Microsystems, Inc.Sun Solaris
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000818.html",
  "dc:date": "2008-06-20T13:34+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-06-20T13:34+09:00",
  "description": "Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack.\r\n\r\nAdobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.\r\nFlash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack.\r\n\r\nThis vulnerability is different from JVN#72595280.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000818.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:adobe:flash_player",
      "@product": "Adobe Flash Player",
      "@vendor": "Adobe Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux Extras",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_desktop_supplementary",
      "@product": "RHEL Desktop Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_supplementary",
      "@product": "RHEL Supplementary",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:opensolaris",
      "@product": "OpenSolaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000818",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN50876069/index.html",
      "@id": "JVN#50876069",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA07-355A/index.html",
      "@id": "TRTA07-355A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-100A/",
      "@id": "TRTA08-100A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245",
      "@id": "CVE-2007-6245",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6245",
      "@id": "CVE-2007-6245",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-100A.html",
      "@id": "SA08-100A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA07-355A.html",
      "@id": "SA07-355A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html",
      "@id": "TA08-100A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html",
      "@id": "TA07-355A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/28161",
      "@id": "SA28161",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/39134",
      "@id": "39134",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1019116",
      "@id": "1019116",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/4258",
      "@id": "FrSIRT/ADV-2007-4258",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    }
  ],
  "title": "Flash Player allows to send arbitrary HTTP headers"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.