CVE-2018-19365 : What You Need to Know

Wowza Streaming Engine 4.7.4.01 is affected by a vulnerability that allows directory traversal and file retrieval through a crafted HTTP request.

Understanding CVE-2018-19365

This CVE entry highlights a security issue in Wowza Streaming Engine 4.7.4

What is CVE-2018-19365?

The vulnerability in Wowza Streaming Engine 4.7.4.01 enables attackers to explore the directory system and retrieve files remotely by manipulating HTTP requests.

The Impact of CVE-2018-19365

The security flaw allows unauthorized access to sensitive files and directories, potentially leading to data breaches and unauthorized information disclosure.

Technical Details of CVE-2018-19365

Wowza Streaming Engine 4.7.4.01 vulnerability details

Vulnerability Description

The REST API in Wowza Streaming Engine 4.7.4.01 permits directory traversal and file retrieval through carefully crafted HTTP requests.

Affected Systems and Versions

Product: Wowza Streaming Engine 4.7.4.01
Vendor: Wowza Media Systems
Version: Not Applicable

Exploitation Mechanism

Attackers can exploit this vulnerability by sending specific HTTP requests to the REST API, allowing them to navigate the directory structure and retrieve files.

Mitigation and Prevention

Protecting systems from CVE-2018-19365

Immediate Steps to Take

Disable or restrict access to the affected REST API in Wowza Streaming Engine.
Implement network-level controls to filter and monitor incoming HTTP requests.
Regularly monitor system logs for any suspicious activities related to directory traversal.

Long-Term Security Practices

Conduct regular security assessments and penetration testing to identify and address vulnerabilities proactively.
Keep software and systems up to date with the latest security patches and updates.

Patching and Updates

Apply patches or updates provided by Wowza Media Systems to address the vulnerability in Wowza Streaming Engine 4.7.4.01.