All,
I was looking into updating my vulnerability alert configuration and noticed that the software framework may be incorrectly parsing the software version for Adobe Flash Player. Please see the below example. The full string details show the correct version (26.0.0.137), but the parsed versions that I believe the vulnerability scripts read for major and minor versions looks to be grabbing the “20” from that portion of the syntax in the full string.
This email is information in case anyone actively updates the software framework. I’ll see if I can try to work it a bit on my local development system as time permits. Thanks.
Example Log:
1499796686.729596 137.164.83.xxx - HTTP::BROWSER Flash% 20 - - - Player/26 Flash%20Player/26.0.0.137 CFNetwork/811.5.4 Darwin/16.6.0 (x86_64)