Security bulletin

Content Protection in Flash Media Server

Release date: November 17, 2008

CVE number: CVE-2008-5109

Vulnerability identifier: APSA08-11


Service packs for Flash Media Server (3.0.3 and 3.5.1) add new RTMP security measures, enabled with Flash Player 10,0,22 and AIR 1.5.1, for streaming media delivery. Customers using Flash Media Server 3.0.3 and 3.5.1 should use RTMPE or RTMPTE (the tunneled version) combined with SWF Verification to provide maximum content protection. These updates also address issues previously disclosed in Security Advisory APSA08-06.

Affected software versions

Flash Media Server 3.5, Flash Media Server 3.0.


Adobe recommends that Flash Media Server administrators install the Flash Media Server 3.5.1 or 3.0.3 update.


For more information on using RTMPE or RTMPTE and SWF Verification, Flash Media Server 3.0 customers can consult the following updated TechNote.


February 26, 2008 – Advisory updated with information on Flash Media Server 3.5.1 and 3.0.3 updates
December 4, 2008 – Advisory updated with information on SWF Verification
November 17, 2008 – Advisory first created