CVE-2018-19365: Path Traversal
First published: Mon Mar 18 2019(Updated: )
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wowza Streaming Engine | =4.7.4.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-19365?
CVE-2018-19365 is a critical vulnerability in Wowza Streaming Engine 4.7.4.01 that allows directory traversal and retrieval of a file through a specially crafted HTTP request.
How severe is CVE-2018-19365?
CVE-2018-19365 has a severity rating of 9.1 (critical).
How does CVE-2018-19365 affect Wowza Streaming Engine?
CVE-2018-19365 affects Wowza Streaming Engine version 4.7.4.0.1.
How can the directory traversal vulnerability be exploited in Wowza Streaming Engine?
The directory traversal vulnerability in Wowza Streaming Engine can be exploited by sending a specifically crafted HTTP request to traverse the directory structure and retrieve files.
Are there any references for CVE-2018-19365?
Yes, you can find references for CVE-2018-19365 at the following links: - [Blog post by GDS Security](https://blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-traversal-and-local.html) - [Detailed information on GitHub](https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-19365.txt)
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/wowza
- canonical/wowza streaming engine
- version/wowza streaming engine/4.7.4.0.1