Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
57 lines (34 sloc) 1.24 KB
CVE-2018-19365.
[Suggested description]
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of
the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
------------------------------------------
[Vulnerability Type]
Directory Traversal
------------------------------------------
[Vendor of Product]
Wowza Media Systems LLC
------------------------------------------
[Affected Product Code Base]
Wowza Streaming Engine - All versions from 4.7.5.01 and prior, Issue mitigated in 4.7.5.02 and later
------------------------------------------
[Affected Component]
Wowza Streaming Engine REST API
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
false
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Attack Vectors]
Someone must issue a crafted REST API call to Wowza Streaming Engine
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Sean Melia of Aon’s Cyber Solutions
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.