CVE-2008-5109 — MEDIUM (5.0)

Vulnerability Description

The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Adobe	Flash Media Server	3.0

Related Weaknesses (CWE)

CWE-16

References

http://secunia.com/advisories/32771Vendor Advisory
http://www.adobe.com/support/security/advisories/apsa08-11.htmlPatchVendor Advisory
http://www.osvdb.org/49952
http://secunia.com/advisories/32771Vendor Advisory
http://www.adobe.com/support/security/advisories/apsa08-11.htmlPatchVendor Advisory
http://www.osvdb.org/49952

FAQ

What is CVE-2008-5109?

CVE-2008-5109 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of vid...

How severe is CVE-2008-5109?

CVE-2008-5109 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-5109?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Media Server.