Design/Logic Flaw

2021-04-2317:15:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.

CPENameOperatorVersion
streaming_enginele4.8.5

CPE	Name	Operator	Version
	streaming_engine	le	4.8.5

References

www.gruppotim.it/redteam

www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes

www.wowza.com/products/streaming-engine