plugboy
Member
|
# Posted: 22 Oct 2006 07:41
Reply
Two HTTP Header Injection vulnerabilities have been discovered by Rapid7 in the Flash Player plugin. They allow attackers to perform arbitrary HTTP requests while controlling most of the HTTP headers. This can make it easier to perform Cross-site request forgery attacks in some cases. When the HTTP server implements Keep-Alive connections and when Firefox is used, these Flash vulnerabilities can even be used to perform totally arbitrary HTTP requests where every part is controlled by the attacker: HTTP method, URI, HTTP version, headers, and data. Such attacks make use of the HTTP Request Splitting method.
It is advised to download the newest beta release of the flashplayer plugin (version 9.0.18d60 (only for Windows)), the release files are named beta_100406. This is the only know fixed version.
The article can be found here. The fix can be found here.
|