Lucene search

[email protected]CVE-2008-5109

HistoryNov 25, 2008 - 11:30 p.m.

CVE-2008-5109

2008-11-2523:30:00

CWE-16

[email protected]

web.nvd.nist.gov

adobe flash media server

fms 3.0

swf verification

rtmpe

rtmpte

video content

remote attackers

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software.

CPENameOperatorVersion
adobe:flash_media_serveradobe flash media servereq3.5
adobe:flash_media_serveradobe flash media servereq3.0

CPE	Name	Operator	Version
adobe:flash_media_server	adobe flash media server	eq	3.5
adobe:flash_media_server	adobe flash media server	eq	3.0

References

secunia.com/advisories/32771

www.adobe.com/support/security/advisories/apsa08-11.html

www.osvdb.org/49952

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for CVE-2008-5109

openvas2 prion1 cvelist1