PT-2019-9793 · Wowza · Wowza Streaming Engine

Sean Melia

Publicado

2019-03-18

Atualizado

2023-01-20

CVE-2018-19365

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wowza Streaming Engine version 4.7.4.01

Description The issue allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. This is related to the REST API in Wowza Streaming Engine.

Recommendations For Wowza Streaming Engine version 4.7.4.01, consider restricting access to the REST API to minimize the risk of exploitation. As a temporary workaround, limit the ability to traverse the directory structure and retrieve files via remote HTTP requests until a patch is available.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2018-19365

Produtos afetados

Wowza Streaming Engine

PT-2019-9793 · Wowza · Wowza Streaming Engine

CVE-2018-19365

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5