CF 8 Manually Upgrade Flash
We have a client that ran a security scan on our product that produced an issue with the flash version built into CF8. Below is part of the result. Does anyone know if there is a way to upgrade the flash media server built into CF 8, we cannot upgrade to a later version of CF and need to solve this issue now? Thanks in advance -Willy The version of Adobe Flash Media Server running on the remote host is earlier than version 3.5.6 or 4.0.2. Such versions are potentially affected by the following vulnerabilities: ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357662 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF 8 Manually Upgrade Flash
We have a client that ran a security scan on our product that produced an issue with the flash version built into CF8. Below is part of the result. Does anyone know if there is a way to upgrade the flash media server built into CF 8, we cannot upgrade to a later version of CF and need to solve this issue now? The version of Adobe Flash Media Server running on the remote host is earlier than version 3.5.6 or 4.0.2. Such versions are potentially affected by the following vulnerabilities: You should be able to disable the embedded Flash Media Server functionality if you're not using it. I'm not sure how to do this offhand, and I don't have a copy of CF handy. I don't think you can upgrade the embedded version of Flash Media Server. If all else fails, you could just block access to the ports used by FMS (TCP/1935, UDP/1935, a couple of others). Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357663 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CF 8 Manually Upgrade Flash
On Wed, Feb 12, 2014 at 5:49 PM, Dave Watts wrote: You should be able to disable the embedded Flash Media Server functionality if you're not using it. I'm not sure how to do this offhand, and I don't have a copy of CF handy. I believe it is just a matter of removing the servlet mappings in web.xml. Jochem -- Jochem van Dieten http://jochem.vandieten.net/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357664 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
