Red Hat Local Security Checks : RedHat Security Advisory RHSA-2007:0009

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57766

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2007:0009

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2007:0009.

The flash-plugin package contains a Firefox-compatible Adobe Flash Player
browser plug-in.

A flaw was found in the way the Adobe Flash Player generates HTTP requests.
It was possible for a malicious Adobe Flash file to modify the HTTP header
of the client request, which could be leveraged to exploit certain HTTP proxy
and web server flaws. (CVE-2006-5330)

Users of Adobe Flash Player should upgrade to this updated package, which
contains version 7.0.69 and is not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0009.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-5330
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
BugTraq ID: 20592
http://www.securityfocus.com/bid/20592
Bugtraq: 20061017 Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin (Google Search)
http://www.securityfocus.com/archive/1/448997/100/0/threaded
Cert/CC Advisory: TA07-072A
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.rapid7.com/advisories/R7-0026.jsp
http://www.osvdb.org/29863
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405
http://www.redhat.com/support/errata/RHSA-2007-0009.html
http://securitytracker.com/id?1017078
http://secunia.com/advisories/22467
http://secunia.com/advisories/23324
http://secunia.com/advisories/23581
http://secunia.com/advisories/24479
http://secunia.com/advisories/25467
http://securityreason.com/securityalert/1737
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1
SuSE Security Announcement: SUSE-SA:2006:077 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html
http://www.vupen.com/english/advisories/2006/4094
http://www.vupen.com/english/advisories/2007/0930
http://www.vupen.com/english/advisories/2007/1999
XForce ISS Database: flashplayer-multiple-xsrf(29634)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29634

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57766
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0009
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0009. The flash-plugin package contains a Firefox-compatible Adobe Flash Player browser plug-in. A flaw was found in the way the Adobe Flash Player generates HTTP requests. It was possible for a malicious Adobe Flash file to modify the HTTP header of the client request, which could be leveraged to exploit certain HTTP proxy and web server flaws. (CVE-2006-5330) Users of Adobe Flash Player should upgrade to this updated package, which contains version 7.0.69 and is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0009.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5330 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 20592 http://www.securityfocus.com/bid/20592 Bugtraq: 20061017 Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin (Google Search) http://www.securityfocus.com/archive/1/448997/100/0/threaded Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://www.rapid7.com/advisories/R7-0026.jsp http://www.osvdb.org/29863 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405 http://www.redhat.com/support/errata/RHSA-2007-0009.html http://securitytracker.com/id?1017078 http://secunia.com/advisories/22467 http://secunia.com/advisories/23324 http://secunia.com/advisories/23581 http://secunia.com/advisories/24479 http://secunia.com/advisories/25467 http://securityreason.com/securityalert/1737 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1 SuSE Security Announcement: SUSE-SA:2006:077 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html http://www.vupen.com/english/advisories/2006/4094 http://www.vupen.com/english/advisories/2007/0930 http://www.vupen.com/english/advisories/2007/1999 XForce ISS Database: flashplayer-multiple-xsrf(29634) https://exchange.xforce.ibmcloud.com/vulnerabilities/29634
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com