
Preemptive Protection against Adobe Flash Media Server Directory Traversal Vulnerability (APSB09-18)


Check Point Reference: CPAI-2009-330
Date Published:
Preemptive Since:
Severity:
Source: Adobe Security Bulletin - APSB09-18
Industry Reference(s): CVE-2009-3792
Protection Provided by:
  • Security Gateway R70
  • VPN-1 NGX R65
  • VSX NGX R65
  • InterSpect NGX
Who is Vulnerable?
Flash Media Server 3.5.2 and earlier versions
Vulnerability Description
A directory traversal vulnerability has been discovered in Adobe Flash Media Server (FMS), an application server for Flash-based applications. This vulnerability allows an attacker to access normally inaccessible files and directories through a specially crafted HTTP request. Instead of having access only to the publicly available files, the attacker can access all files and load arbitrary DLLs that are present on that server.
Update/Patch Available
Apply patches:
Adobe Security Bulletin - APSB09-18
Vulnerability Details
The vulnerability is due to an input validation error in the Adobe Flash Media Server. Successful exploitation could lead to FMS loading arbitrary DLLs present on the server.

Protection Overview
This protection detects and blocks malformed HTTP requests sent to the vulnerable server. No update is required to address this vulnerability.
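
Added example (not Check Point's detection logic and not taken from the Adobe bulletin): a generic check a defender can run over web access logs to spot request paths that climb above the published root, including percent-encoded, double-encoded and backslash variants. The log format, sample paths and function names are assumptions; the page does not give the request format for this vulnerability.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding layers
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # assumed access-log layout

def decode_path(raw_path):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    path = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Windows servers accept either separator, so treat "\" like "/".
    return path.replace("\\", "/")

def escapes_root(raw_target):
    """Return True if the request path climbs above the published root."""
    # Drop the query string first; only the path is resolved to a file.
    path = decode_path(raw_target.split("?", 1)[0])
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # one more ".." than real directories so far
                return True
        else:
            depth += 1
    return False

def flag_requests(log_lines):
    """Return the raw request targets in log_lines that escape the root."""
    targets = (m.group(1) for m in map(REQUEST_RE.search, log_lines) if m)
    return [t for t in targets if escapes_root(t)]

# Constructed sample log lines (documentation IP range, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - "GET /media/sample.flv HTTP/1.1" 200 5120',
    '192.0.2.11 - - "GET /media/../../conf/placeholder.xml HTTP/1.1" 404 0',
    '192.0.2.12 - - "GET /media/%2e%2e%5c%2e%2e%5cplaceholder.dll HTTP/1.1" 404 0',
    '192.0.2.13 - - "GET /a/%252e%252e/%252e%252e/placeholder HTTP/1.1" 404 0',
    '192.0.2.14 - - "GET /media/clips/../sample.flv HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print("\n".join(flag_requests(SAMPLE_LOG)))
```

A request such as /media/clips/../sample.flv is not flagged because it stays inside the published root; only paths whose ".." segments outnumber the preceding directories are reported.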

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R70

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Web Intelligence > Application Layer.
2. In the right pane, double-click the Directory Traversal protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings. The protection can be applied either to all HTTP traffic or to selected web servers.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Directory Traversal
Attack Information: WSE0090001 directory traversal overflow

VPN-1 NGX R65 & VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > Application Layer > Directory Traversal.
2. In the configuration pane, under Settings > Mode, check Active.
3. The protection can be applied either to all HTTP traffic or to selected web servers.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Directory Traversal
Attack Information: WSE0090001 directory traversal overflow

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
2. In the SmartDefense tree, click Web Intelligence > Application Layer and enable Directory Traversal.
3. The protection can be applied either to all HTTP traffic or to selected web servers.
4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Directory Traversal
Attack Information: WSE0090001 directory traversal overflow