PT-2021-20932 · Wowza · Wowza Streaming Engine

Massimiliano Brolli +1

Published 2021-10-05 · Updated 2022-07-12

CVE-2021-35492

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions 4.8.11+5 and earlier
Description: The issue allows an authenticated, remote attacker to exhaust filesystem resources on the server via the vhost parameter of the "/enginemanager/server/vhost/historical.jsdata" endpoint. The application allocates filesystem resources for every virtual-host name it is asked about, with no limit or throttling. An attacker with a Wowza Streaming Engine Manager account can therefore request historical data for arbitrary, randomly generated virtual-host names through the Virtual Host Monitoring section; the resulting resource consumption leads to database errors and leaves the server unresponsive to web-based management. Manual intervention is required to free the consumed filesystem resources and return the application to an operational state. Note that the CVSS vector records PR:L: exploitation requires valid Manager credentials, so the population of accounts that can reach the Manager defines who can trigger the condition.
Recommendations: For Wowza Streaming Engine versions 4.8.11+5 and earlier, as a temporary workaround, restrict access to the "/enginemanager/server/vhost/historical.jsdata" endpoint (for example, to trusted administrative addresses at the reverse proxy or firewall in front of Engine Manager) to reduce the risk of exploitation. Additionally, limit who can use the Virtual Host Monitoring section and review which accounts hold Manager access, and monitor filesystem usage on the Manager host so that a burst of allocations is noticed before management becomes unresponsive. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
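Beyond the access restriction above, the detection side of this issue is to spot an account pulling historical data for many virtual-host names that it has never asked about before, which is what the attack looks like in the Manager's access log. The script below is an added example written for this edit, not code from Positive Technologies or Wowza. It assumes the Engine Manager access log is in Common Log Format and that the virtual-host name travels as a `vhost` query parameter on the endpoint named in the advisory; the log lines themselves are constructed, with one legitimate administrator and one account enumerating random names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Endpoint named in the advisory.
ENDPOINT = "/enginemanager/server/vhost/historical.jsdata"

# Constructed sample lines in Common Log Format. Assumption: the Manager's
# HTTP access log uses this layout and passes the vhost name in the query
# string; adapt LINE_RE and the parameter name to your own deployment.
SAMPLE_LOG = """\
10.0.0.5 - admin [05/Oct/2021:10:00:01 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=_defaultVHost_ HTTP/1.1" 200 5120
10.0.0.5 - admin [05/Oct/2021:10:00:31 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=_defaultVHost_ HTTP/1.1" 200 5120
10.0.0.5 - admin [05/Oct/2021:10:01:01 +0000] "GET /enginemanager/server/monitoring.jsdata HTTP/1.1" 200 2048
198.51.100.7 - mallory [05/Oct/2021:10:02:00 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=q7x2m HTTP/1.1" 200 311
198.51.100.7 - mallory [05/Oct/2021:10:02:01 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=a91kd HTTP/1.1" 200 311
198.51.100.7 - mallory [05/Oct/2021:10:02:02 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=p0l3s HTTP/1.1" 200 311
198.51.100.7 - mallory [05/Oct/2021:10:02:03 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=m4n8v HTTP/1.1" 200 311
198.51.100.7 - mallory [05/Oct/2021:10:02:04 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=t6w1c HTTP/1.1" 200 311
198.51.100.7 - mallory [05/Oct/2021:10:02:05 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=r2y9b HTTP/1.1" 200 311
198.51.100.7 - mallory [05/Oct/2021:10:02:06 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=h5k7e HTTP/1.1" 200 311
198.51.100.7 - mallory [05/Oct/2021:10:02:07 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=zz0q1 HTTP/1.1" 500 87
10.0.0.5 - admin [05/Oct/2021:10:30:00 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=liveVHost HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # vhost is None when the parameter is absent.
    rec["vhost"] = parse_qs(url.query).get("vhost", [None])[0]
    rec["status"] = int(rec["status"])
    return rec


def historical_requests(log_text):
    """Parsed requests to the vulnerable endpoint, in time order."""
    recs = [r for r in map(parse_line, log_text.splitlines())
            if r is not None and r["path"] == ENDPOINT]
    return sorted(recs, key=lambda r: r["ts"])


def find_vhost_enumeration(log_text, window=timedelta(minutes=5), threshold=5):
    """Flag (ip, user) pairs that requested at least `threshold` distinct
    vhost names within any `window`. Legitimate monitoring repeats the same
    few real names; the attack is a burst of never-seen names, each of which
    costs the server filesystem resources. Returns {actor: worst_count}."""
    by_actor = defaultdict(list)
    for r in historical_requests(log_text):
        by_actor[(r["ip"], r["user"])].append((r["ts"], r["vhost"]))
    flagged = {}
    for actor, reqs in by_actor.items():
        worst = 0
        for i, (t_end, _) in enumerate(reqs):
            names = {v for t, v in reqs[: i + 1]
                     if t >= t_end - window and v is not None}
            worst = max(worst, len(names))
        if worst >= threshold:
            flagged[actor] = worst
    return flagged


def server_errors(log_text):
    """Count 5xx responses on the endpoint: the 'database errors' symptom
    the advisory describes once resources run low."""
    return sum(1 for r in historical_requests(log_text) if r["status"] >= 500)


if __name__ == "__main__":
    for (ip, user), n in find_vhost_enumeration(SAMPLE_LOG).items():
        print(f"suspicious: {user}@{ip} requested {n} distinct vhost names")
    print(f"5xx responses on {ENDPOINT}: {server_errors(SAMPLE_LOG)}")
```

Run it against a real Manager access log by replacing SAMPLE_LOG with the file contents; tune `window` and `threshold` to how many virtual hosts your deployment actually has, since a legitimate operator will never ask about more names than exist.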

Weakness Enumeration: Allocation of Resources Without Limits


Related Identifiers: CVE-2021-35492

Affected Products: Wowza Streaming Engine