Streaming Engine Security Vulnerabilities and Issues — Streaming Engine CVE List

Lucene search

WowzaStreaming Engine

4 matches found

CVE•added 2018/03/05 6:29 p.m.•45 views

CVE-2017-16922

In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.

5.3CVSS5.3AI score0.00593EPSS

CVE•added 2018/03/01 9:29 p.m.•39 views

CVE-2018-7047

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).

9.8CVSS9.4AI score0.02986EPSS

CVE•added 2018/03/01 9:29 p.m.•38 views

CVE-2018-7049

An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.

6.1CVSS6.1AI score0.00301EPSS

CVE•added 2018/03/01 9:29 p.m.•35 views

CVE-2018-7048

An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.

7.5CVSS7.3AI score0.01564EPSS