Results 1 to 3 of 3

Thread: Adobe Flash Media Server Unspecified Command Execution and "Edge Process" DOS

  1. #1

    Default Adobe Flash Media Server Unspecified Command Execution and "Edge Process" DOS

    A vendor we use for penetration testing is saying that my wowza bozes with both 1935 and 8086 ports are showing and accessible to this vulenrability:
    Adobe Flash Media Server Unspecified Command Execution and "Edge Process" Denial of Service

    As we all know I am not running FMS, but not sure if you have seen that wowza is vulnerale to this. I called it out as a Falso Positive but they insist that they are able to exploit this vilnerability using their tools.

    Anyone seen this or have an idea on how I can answer them or correct it, if in case it is there?

    Thanks

  2. #2

    Default

    You would know if they were able to exploit the vulnerability if your server was DOSed. Is this the case?

    I have not heard any reports of DOSing. As it is, you do not have a Flash Media Server listening on those ports, so like you, I would think "false positive."

  3. #3
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    This is probably one of the specific security alerts that results from Wowza using FMS userAgent. Recent version/patch of Wowza has updated the userAgent to recent FMS version so this does not come up. But it was never an actual vulnerability, just confusion with FMS

    Richard

Similar Threads

  1. Replies: 1
    Last Post: 02-18-2014, 02:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •