CVE-2018-19365
published 2019-03-21
Priority P183 · critical 9.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS 22.86% (97.4th percentile)
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wowza | streaming_engine | — | — |
Detection & IOCs (extracted from sources)
URL: /enginemanager/server/logs/download?logType=error&logName=../../../../../../../../etc/passwd&logSource=engine
- Look for HTTP GET requests targeting the Wowza REST API endpoint /enginemanager/server/logs/download with path traversal sequences (../../../../) in the logName parameter.
- A successful exploitation returns HTTP 200 with /etc/passwd content matching root:.*:0:0: in the response body.
- Shodan query to identify exposed Wowza Streaming Engine Manager instances: http.title:"manager" product:"wowza streaming engine"
- The vulnerability is unauthenticated (PR:N) and network-reachable (AV:N): no credentials are required to exploit the directory traversal via the REST API.
- The affected version is specifically Wowza Streaming Engine 4.7.4.01; the logName query parameter is the injection point for path traversal sequences.
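The detection logic from the IOC list above, run over constructed web-server access-log lines, as an added example (not code from this page, from Wowza, or from any of the listed sources). It flags GET requests to /enginemanager/server/logs/download whose logName parameter still contains dot-dot segments or an absolute path after URL decoding (including double-encoded payloads), marks a 200 response as a likely successful read, and applies the page's root:.*:0:0: body check to a captured response body. The sample lines, the combined-log-format regex and the assumption that the manager is fronted by a proxy that logs in that format are all assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines in Apache/NGINX combined format (assumption:
# the manager sits behind a reverse proxy that logs this way). Not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Nov/2023:10:14:02 +0000] "GET /enginemanager/server/logs/download?logType=error&logName=../../../../../../../../etc/passwd&logSource=engine HTTP/1.1" 200 1842 "-" "python-requests/2.31"
203.0.113.7 - - [26/Nov/2023:10:14:03 +0000] "GET /enginemanager/server/logs/download?logType=error&logName=..%2F..%2F..%2F..%2Fetc%2Fshadow&logSource=engine HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.4 - - [26/Nov/2023:10:15:11 +0000] "GET /enginemanager/server/logs/download?logType=error&logName=wowzastreamingengine_error.log&logSource=engine HTTP/1.1" 200 52031 "-" "Mozilla/5.0"
198.51.100.9 - - [26/Nov/2023:10:16:40 +0000] "GET /enginemanager/login.htm HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "/enginemanager/server/logs/download"
# Dot-dot followed by either separator anywhere, or an absolute path, after decoding.
TRAVERSAL = re.compile(r"\.\.[/\\]|^[/\\]")
# Body matcher quoted on the page: a successful read of /etc/passwd shows the root entry.
PASSWD_RE = re.compile(r"root:.*:0:0:")


def decode_param(raw: str) -> str:
    # parse_qs already removed one layer of percent-encoding; a second unquote
    # catches double-encoded payloads such as %252e%252e%252f.
    return unquote(raw)


def scan_access_log(text: str) -> list:
    """Return one record per request that hits the log-download endpoint with a
    traversal-looking logName. A 200 is only 'likely success': the access log does
    not carry the response body, so confirm with looks_like_passwd() where bodies exist."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path.lower() != ENDPOINT:
            continue
        for raw in parse_qs(parts.query).get("logName", []):
            name = decode_param(raw)
            if TRAVERSAL.search(name):
                status = int(m["status"])
                hits.append({
                    "src": m["src"],
                    "ts": m["ts"],
                    "logName": name,
                    "status": status,
                    "verdict": "likely success" if status == 200 else "attempt",
                })
    return hits


def looks_like_passwd(body: str) -> bool:
    """Apply the page's response-body check to a captured body (proxy log or packet capture)."""
    return PASSWD_RE.search(body) is not None


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["src"]} {hit["verdict"]}: logName={hit["logName"]} status={hit["status"]}')
```

The endpoint comparison is done on the decoded path and the logName check on the decoded value, so a scanner that percent-encodes the dot-dot sequences is caught by the same rule as the plain payload shown in the IOC.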
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| vulncheck | — | 9.1 | CRITICAL | — |
GHSA
GHSA-pf2m-jrq9-6mcm: The REST API in Wowza Streaming Engine 4
ghsa_unreviewed · 2022-05-13
CVE-2018-19365 [HIGH] CWE-22
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
VulnCheck
wowza streaming_engine Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2018 · CVSS 9.1
CVE-2018-19365 [CRITICAL]
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
Affected: wowza streaming_engine
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-26&host_type=src&vulnerability=cve-2018-19365
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-11&host_type=src&vulnerability=cve-2018-19365
- https://dashboard.shadowserver.org/statistics/hon
No detection rules found.
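The weakness class VulnCheck assigns above (CWE-22) comes down to how the logName parameter is turned into a file path. The following added example, written for this page and not taken from Wowza's code or any listed source, shows the vulnerable pattern beside a hardened resolver: the enumerated logType/logSource values are allowlisted, logName must be a single path component, and the resolved path is checked for containment in the log directory after symlink resolution. The allowlist values, the directory layout and the sample log file are assumptions; the traversal payload is the logName value from the IOC on this page.

```python
import os
import tempfile
from pathlib import Path

# Illustrative allowlists for the two enumerated parameters in the request;
# the real set of values is an assumption, not taken from the page or from Wowza.
ALLOWED_LOG_TYPES = {"access", "error", "stats"}
ALLOWED_LOG_SOURCES = {"engine", "manager"}


def resolve_log_unsafe(log_dir: str, log_type: str, log_name: str, log_source: str) -> str:
    """CWE-22 pattern: the client-supplied name is joined into the path and never
    checked against the log directory, so dot-dot segments walk out of it."""
    return os.path.join(log_dir, log_source, log_type, log_name)


def resolve_log_safe(log_dir: str, log_type: str, log_name: str, log_source: str) -> Path:
    """Hardened form: enumerated parameters are allowlisted, logName must be a bare
    file name, and the resolved path must still sit under the log directory."""
    if log_type not in ALLOWED_LOG_TYPES or log_source not in ALLOWED_LOG_SOURCES:
        raise ValueError("unknown logType or logSource")
    if log_name in ("", ".", "..") or "\\" in log_name or Path(log_name).name != log_name:
        raise ValueError("logName must be a bare file name")
    base = Path(log_dir).resolve()
    candidate = (base / log_source / log_type / log_name).resolve()
    # Containment check after resolve(): catches symlinks inside the log tree too.
    if base not in candidate.parents:
        raise ValueError("path escapes log directory")
    return candidate


def demo() -> dict:
    """Exercise both resolvers with the logName payload from the IOC on this page and
    with a benign file name in a throwaway log directory (constructed, not real data)."""
    payload = "../../../../../../../../etc/passwd"
    out = {}
    # Vulnerable join: normalising the result shows it walked out to /etc/passwd.
    out["unsafe_result"] = os.path.normpath(
        resolve_log_unsafe("/var/log/wowza", "error", payload, "engine"))
    with tempfile.TemporaryDirectory() as tmp:
        log_dir = Path(tmp) / "logs"
        benign = log_dir / "engine" / "error" / "wowzastreamingengine_error.log"
        benign.parent.mkdir(parents=True)
        benign.write_text("ERROR sample line\n")  # constructed log content
        out["safe_benign"] = resolve_log_safe(str(log_dir), "error", benign.name, "engine").read_text()
        for label, name in (("safe_payload", payload), ("safe_absolute", "/etc/passwd")):
            try:
                resolve_log_safe(str(log_dir), "error", name, "engine")
                out[label] = "accepted"
            except ValueError as exc:
                out[label] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The bare-file-name rule rejects the payload before any filesystem access, and the containment check remains as a second line of defence for names that pass the first rule but resolve elsewhere through a symlink.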
Nuclei
Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
nuclei · CVSS 9.1
CVE-2018-19365 [CRITICAL]
Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API.
Template:
id: CVE-2018-19365

info:
  name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
  author: 0x_Akoko
  severity: critical
  description: Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API.
  impact: |
    An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or disclosure of sensitive information.
  remediation: |
    Upgrade to the latest version of Wowza Streaming Engine Manage
  reference:
    - https://blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-traversal-and-local.html
    - https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-19365.txt