Title: Adobe Flash Player HTTP Response Splitting Vulnerability
Severity: MODERATE
Description:
Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies.
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input. An attacker can use Flash Player to modify HTTP request headers.
A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior versions.
NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).
Affected Products:
- Adobe Flash Player 7.0.69.0
- Adobe Flash Player 7.0.70.0
- Adobe Flash Player 8.0.34.0
- Adobe Flash Player 8.0.35.0
- Adobe Flash Player 9.0.28.0
- Adobe Flash Player 9.0.31.0
- Adobe Flash Player 9.0.45.0
- Adobe Flash Player 9.0.47.0
- Adobe Flash Player 9.0.48.0
- Gentoo Linux
- Nortel Networks Media Processing Svr 1000 Rel 3.0
- Nortel Networks Peri Application
- Nortel Networks Peri Workstation
- Nortel Networks Self-Service - CCSS7
- RedHat Enterprise Linux Desktop Supplementary 5 client
- RedHat Enterprise Linux Extras 3
- RedHat Enterprise Linux Extras 4
- RedHat Enterprise Linux Extras 4.5.z
- RedHat Enterprise Linux Supplementary 5 server
- S.u.S.E. Linux Personal 10.1
- S.u.S.E. Linux Professional 10.1
- S.u.S.E. Novell Linux Desktop 9.0.0
- S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
- S.u.S.E. openSUSE 10.2
- S.u.S.E. openSUSE 10.3
- Sun OpenSolaris build snv_88
- Sun Solaris 10.0
- Sun Solaris 10.0_x86
- Turbolinux FUJI
- Turbolinux wizpy
References:
- Adobe: APSB07-20 Flash Player update available to address security vulnerabilities
- Adobe: Adobe Flash Homepage
- Nortel Networks: Nortel Response to Sun Alert 238305 - Multiple Security Vulnerabilities in Flash
- Red Hat: RHSA-2007:1126-8 - flash-plugin security update
- Sun Microsystems: Solution 238305: Multiple Security Vulnerabilities in Flash Player for Solaris
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
