Vulnerability Name: | CVE-2007-2022 (CCN-33595) |
Assigned: | 2007-04-13 |
Published: | 2007-04-13 |
Updated: | 2017-10-11 |
Summary: | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. |
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): None; Availability (A): None |
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) |
| 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
| 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N) |
| 1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
Vulnerability Type: | CWE-200 |
Vulnerability Consequences: | Obtain Information |
References: | Source: SGI Type: UNKNOWN 20070602-01-P
Source: MITRE Type: CNA CVE-2007-2022
Source: CCN Type: RHSA-2007-0494 Important: kdebase security update
Source: CCN Type: SA24877 Opera Flash Player Plug-In Interaction Vulnerability
Source: SECUNIA Type: Vendor Advisory 24877
Source: SECUNIA Type: Vendor Advisory 25027
Source: SECUNIA Type: Vendor Advisory 25432
Source: CCN Type: SA25662 Konqueror Flash Player Plug-in Vulnerability
Source: SECUNIA Type: Vendor Advisory 25662
Source: SECUNIA Type: Vendor Advisory 25669
Source: SECUNIA Type: Vendor Advisory 25894
Source: SECUNIA Type: Vendor Advisory 25933
Source: CCN Type: SA26027 Adobe Flash Player Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 26027
Source: SECUNIA Type: Vendor Advisory 26118
Source: SECUNIA Type: Vendor Advisory 26357
Source: SECUNIA Type: Vendor Advisory 26860
Source: SECUNIA Type: Vendor Advisory 28068
Source: CCN Type: SECTRACK ID: 1017903 Adobe Flash Player on Opera Has a Vulnerability with Unspecified Impact
Source: CCN Type: Sun Alert ID: 103167 Security Vulnerabilities in Adobe Flash Player May Allow Unauthorized System Access or Generation of HTTP Requests
Source: SUNALERT Type: UNKNOWN 103167
Source: SUNALERT Type: UNKNOWN 201506
Source: CCN Type: ASA-2007-331 kdebase security update (RHSA-2007-0494)
Source: CCN Type: ASA-2007-530 Security Vulnerabilities in Adobe Flash Player May Allow Unauthorized System Access or Generation of HTTP Requests (Sun 103167)
Source: CCN Type: Adobe Product Security Advisory APSA07-03 Opera update available for vulnerability with Adobe Flash Player and Opera browser on Linux and Solaris
Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/security/advisories/apsa07-03.html
Source: CCN Type: Adobe Product Security Bulletin APSB07-12 Flash Player update available to address security vulnerabilities
Source: CONFIRM Type: Vendor Advisory http://www.adobe.com/support/security/bulletins/apsb07-12.html
Source: CCN Type: GLSA-200708-01 Macromedia Flash Player: Remote arbitrary code execution
Source: GENTOO Type: UNKNOWN GLSA-200708-01
Source: CCN Type: US-CERT VU#110297 Flash Player information disclosure vulnerability
Source: MANDRIVA Type: UNKNOWN MDKSA-2007:138
Source: SUSE Type: UNKNOWN SUSE-SR:2007:012
Source: SUSE Type: UNKNOWN SUSE-SA:2007:028
Source: SUSE Type: UNKNOWN SUSE-SA:2007:046
Source: CCN Type: Opera Software Knowledge Base Article 858 Advisory: Opera security upgrade for Linux, Solaris and FreeBSD
Source: CONFIRM Type: UNKNOWN http://www.opera.com/support/search/view/858/
Source: REDHAT Type: UNKNOWN RHSA-2007:0494
Source: BID Type: UNKNOWN 23437
Source: CCN Type: BID-23437 Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
Source: SECTRACK Type: UNKNOWN 1017903
Source: CCN Type: TLSA-2007-36 Three vulnerabilities discovered in flash-player
Source: CERT Type: US Government Resource TA07-192A
Source: VUPEN Type: Vendor Advisory ADV-2007-1361
Source: VUPEN Type: Vendor Advisory ADV-2007-2497
Source: VUPEN Type: Vendor Advisory ADV-2007-4190
Source: XF Type: UNKNOWN flashplayer-unspecified-info-disclosure(33595)
Source: XF Type: UNKNOWN opera-flash-player-unspecified(33595)
Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1462
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9332
Source: SUSE Type: SUSE-SA:2007:046 flash-player security problems
Source: SUSE Type: SUSE-SR:2007:012 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:adobe:flash_player:7.0.25:*:*:*:*:*:*:* OR
cpe:/a:adobe:flash_player:8.0:*:*:*:*:*:*:* OR
cpe:/a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:* OR
cpe:/a:adobe:flash_player:9.0.20:*:*:*:*:*:*:* OR
cpe:/a:adobe:flash_player:9.0.28:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.0:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.0:beta2:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.0:beta3:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.0:beta4:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.0:beta5:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.0:beta6:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.0:beta7:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.0:beta8:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.02:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.10:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.11:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:5.12:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.0:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.0:beta1:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.0:beta2:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.0:tp1:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.0:tp2:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.0:tp3:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.01:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.1:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.1:beta1:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.02:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.03:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.04:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.05:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.06:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.11:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:6.12:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.0:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.0:beta1:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.0:beta2:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.01:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.02:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.03:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.10:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.10:beta1:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.11:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.11:beta2:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.20:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.20:beta7:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.21:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.22:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.23:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.50:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.50:beta1:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.51:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.52:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.53:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.54:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.54:update1:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.54:update2:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:7.60:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.0:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.0:beta1:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.0:beta2:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.0:beta3:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.01:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.02:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.50:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.51:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.52:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.53:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:8.54:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:9.0:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:9.0:beta1:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:9.0:beta2:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:9.01:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:9.02:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:9.10:*:*:*:*:*:*:* OR
cpe:/a:opera:opera_browser:9.12:*:*:*:*:*:*:*
Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
Configuration RedHat 6: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
Configuration CCN 1:
cpe:/a:adobe:flash_player:7.0.25:*:*:*:*:*:*:* AND
cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:* OR
cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR
cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR
cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR
cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR
cpe:/o:sun:solaris:10::sparc:*:*:*:*:* OR
cpe:/o:sun:solaris:10::x86:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR
cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* OR
cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:* OR
cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:* OR
cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
Definition ID | Class | Title | Last Modified |
---|---|---|---|
oval:org.opensuse.security:def:20072022 | V | CVE-2007-2022 | 2015-11-16 |
oval:org.mitre.oval:def:24920 | V | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet | 2015-08-03 |
oval:org.mitre.oval:def:21835 | P | ELSA-2007:0494: kdebase security update (Important) | 2014-05-26 |
oval:org.mitre.oval:def:9332 | V | Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | 2013-04-29 |
oval:com.redhat.rhsa:def:20070494 | P | RHSA-2007:0494: kdebase security update (Important) | 2007-06-13 |
|
adobe flash player 7.0.25
adobe flash player 8.0
adobe flash player 9.0.18d60
adobe flash player 9.0.20
adobe flash player 9.0.28
opera opera browser 5.0
opera opera browser 5.0 beta2
opera opera browser 5.0 beta3
opera opera browser 5.0 beta4
opera opera browser 5.0 beta5
opera opera browser 5.0 beta6
opera opera browser 5.0 beta7
opera opera browser 5.0 beta8
opera opera browser 5.02
opera opera browser 5.10
opera opera browser 5.11
opera opera browser 5.12
opera opera browser 6.0
opera opera browser 6.0 beta1
opera opera browser 6.0 beta2
opera opera browser 6.0 tp1
opera opera browser 6.0 tp2
opera opera browser 6.0 tp3
opera opera browser 6.01
opera opera browser 6.1
opera opera browser 6.1 beta1
opera opera browser 6.02
opera opera browser 6.03
opera opera browser 6.04
opera opera browser 6.05
opera opera browser 6.06
opera opera browser 6.11
opera opera browser 6.12
opera opera browser 7.0
opera opera browser 7.0 beta1
opera opera browser 7.0 beta1_v2
opera opera browser 7.0 beta2
opera opera browser 7.01
opera opera browser 7.02
opera opera browser 7.03
opera opera browser 7.10
opera opera browser 7.10 beta1
opera opera browser 7.11
opera opera browser 7.11 beta2
opera opera browser 7.20
opera opera browser 7.20 beta7
opera opera browser 7.21
opera opera browser 7.22
opera opera browser 7.23
opera opera browser 7.50
opera opera browser 7.50 beta1
opera opera browser 7.51
opera opera browser 7.52
opera opera browser 7.53
opera opera browser 7.54
opera opera browser 7.54 update1
opera opera browser 7.54 update2
opera opera browser 7.60
opera opera browser 8.0
opera opera browser 8.0 beta1
opera opera browser 8.0 beta2
opera opera browser 8.0 beta3
opera opera browser 8.01
opera opera browser 8.02
opera opera browser 8.50
opera opera browser 8.51
opera opera browser 8.52
opera opera browser 8.53
opera opera browser 8.54
opera opera browser 9.0
opera opera browser 9.0 beta1
opera opera browser 9.0 beta2
opera opera browser 9.01
opera opera browser 9.02
opera opera browser 9.10
opera opera browser 9.12
adobe flash player 7.0.25
freebsd freebsd *
gentoo linux *
suse linux enterprise server 8
suse suse linux 9.0
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
sun solaris 10
sun solaris 10
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 3.0
turbolinux turbolinux fuji
redhat enterprise linux desktop 5.0
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2007.1
mandrakesoft mandrake linux 2008.0
redhat enterprise linux 5
mandrakesoft mandrake linux 2007.1
redhat enterprise linux 4.5.z
redhat enterprise linux 4.5.z
novell opensuse 10.2