· Outpost 10F · Forums · Reply · Statistics · Search ·

Outpost 10F Forums / Archived Topics / Flash Player 7, 8 and 9 security risk

Author

Message

plugboy Member

# Posted: 22 Oct 2006 07:41 Reply  Two HTTP Header Injection vulnerabilities have been discovered by Rapid7 in the Flash Player plugin. They allow attackers to perform arbitrary HTTP requests while controlling most of the HTTP headers. This can make it easier to perform Cross-site request forgery attacks in some cases. When the HTTP server implements Keep-Alive connections and when Firefox is used, these Flash vulnerabilities can even be used to perform totally arbitrary HTTP requests where every part is controlled by the attacker: HTTP method, URI, HTTP version, headers, and data. Such attacks make use of the HTTP Request Splitting method. It is advised to download the newest beta release of the flashplayer plugin (version 9.0.18d60 (only for Windows)), the release files are named beta_100406. This is the only know fixed version. The article can be found here. The fix can be found here.

Your reply

... Disable smileys

» Username  » Password  Only registered users can post here. Please enter your login/password details before posting a message.

General Chatter OTF News Star Trek Discussions Star Wars Discussions LOTR/Fantasy Discussions Game of Thrones Discussions Television Discussions ISA Intelligence Celebration Corner Gossip Corner OTF Library OTF v3 Ideas Valentine's Day Auction Trivia Gaming Simming Archived Topics Sandbox

Page loading time (secs): 0.015 Online now: Guests - 1 Members - 0 Most users ever online: 215 [30 Aug 2017 14:12] Guests - 215 / Members - 0 Powered by: miniBB™ © 2001-2024