CVE-2017-16922: Path Traversal
First published: Mon Mar 05 2018(Updated: )
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wowza Streaming Engine | <4.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-16922?
CVE-2017-16922 is a vulnerability in Wowza Streaming Engine before version 4.7.1 that allows traversal of the directory structure and retrieval of a file through a specially crafted HTTP request.
What is the severity of CVE-2017-16922?
CVE-2017-16922 has a severity rating of 5.3 (Medium).
How can I fix the CVE-2017-16922 vulnerability?
To fix the CVE-2017-16922 vulnerability, you should upgrade Wowza Streaming Engine to version 4.7.1 or later.
What is the affected software for CVE-2017-16922?
The affected software for CVE-2017-16922 is Wowza Streaming Engine before version 4.7.1.
What is the CWE classification for CVE-2017-16922?
The CWE classification for CVE-2017-16922 is CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- vendor/wowza
- canonical/wowza streaming engine