> We have a client that ran a security scan on our product that produced an > issue with the flash version built > into CF8. Below is part of the result. > > Does anyone know if there is a way to upgrade the flash media server built > into CF 8, we cannot upgrade to > a later version of CF and need to solve this issue now? > > The version of Adobe Flash Media Server running on the remote host is earlier > than version 3.5.6 or > 4.0.2. Such versions are potentially affected by the following > vulnerabilities:
You should be able to disable the embedded Flash Media Server functionality if you're not using it. I'm not sure how to do this offhand, and I don't have a copy of CF handy. I don't think you can upgrade the embedded version of Flash Media Server. If all else fails, you could just block access to the ports used by FMS (TCP/1935, UDP/1935, a couple of others). Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357663 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
