Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9546
https://exchange.xforce.ibmcloud.com/vulnerabilities/39134
http://www.vupen.com/english/advisories/2008/1724/references
http://www.vupen.com/english/advisories/2007/4258
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
http://www.securityfocus.com/bid/26969
http://www.securityfocus.com/bid/26929
http://www.redhat.com/support/errata/RHSA-2007-1126.html
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
http://www.adobe.com/support/security/bulletins/apsb07-20.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
http://securitytracker.com/id?1019116
http://secunia.com/advisories/30507
http://secunia.com/advisories/28570
http://secunia.com/advisories/28213
http://secunia.com/advisories/28161
http://secunia.com/advisories/28157
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html