CVE-2018-7049

Name of the Vulnerable Software and Affected Versions Wowza Streaming Engine versions prior to 4.7.1

Description An issue was discovered in the HTTP providers, specifically com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager, causing script injection and/or reflection via a crafted HTTP request. This is due to an XSS issue.

Recommendations For versions prior to 4.7.1, update to version 4.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP providers to minimize the risk of exploitation.