io.antmedia:ant-media-server@2.7.0 vulnerabilities

latest version

2.9.0
first published

6 years ago
latest version published

a month ago
licenses detected
- Apache-2.0
  [1.2.0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the io.antmedia:ant-media-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Improper Authorization io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate. Affected versions of this package are vulnerable to Improper Authorization due to improper handling of HTTP header based authorization. An attacker can execute non-administrative API calls that should be restricted to authorized users by manipulating HTTP headers. How to fix Improper Authorization? There is no fixed version for `io.antmedia:ant-media-server`.	[0,)
H Missing Authorization io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate. Affected versions of this package are vulnerable to Missing Authorization allowing an unprivileged operating system user to connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. Exploiting this vulnerability allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the “antmedia” service account on the system. Note Exploiting this vulnerability is possible when Ant Media Server is running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. How to fix Missing Authorization? Upgrade `io.antmedia:ant-media-server` to version 2.9.0 or higher.	[2.6.0,2.9.0)

Improper Authorization

io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate.

Affected versions of this package are vulnerable to Improper Authorization due to improper handling of HTTP header based authorization. An attacker can execute non-administrative API calls that should be restricted to authorized users by manipulating HTTP headers.

How to fix Improper Authorization?

There is no fixed version for io.antmedia:ant-media-server.

[0,)

Missing Authorization

io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate.

Affected versions of this package are vulnerable to Missing Authorization allowing an unprivileged operating system user to connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. Exploiting this vulnerability allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the “antmedia” service account on the system.

Note

Exploiting this vulnerability is possible when Ant Media Server is running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP.

How to fix Missing Authorization?

Upgrade io.antmedia:ant-media-server to version 2.9.0 or higher.

[2.6.0,2.9.0)

Go back to all versions of this package

io.antmedia:ant-media-server@2.7.0 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities