The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
References
Link | Resource |
---|---|
https://blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-traversal-and-local.html | Exploit Third Party Advisory |
https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-19365.txt | Third Party Advisory |
Configurations
History
20 Jan 2023, 15:49
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-19365.txt - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 9.1 |
Information
Published : 2019-03-21 16:00
Updated : 2023-12-10 12:59
NVD link : CVE-2018-19365
Mitre link : CVE-2018-19365
CVE.ORG link : CVE-2018-19365
JSON object : View
Products Affected
wowza
- streaming_engine
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')