Vulnerability Description
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.)
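A log check for the request pattern described above, as an added example (not from the advisory or from Wowza): it counts the distinct unconfigured `vhost` values each client sends to the affected endpoint. The access-log format, the `KNOWN_VHOSTS` list and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/enginemanager/server/vhost/historical.jsdata"  # path named in the advisory
KNOWN_VHOSTS = {"_defaultVHost_"}  # assumption: the vhosts actually configured here
MAX_UNKNOWN = 3                    # assumption: alert threshold per client

# Assumption: common/combined access-log lines, e.g. from a proxy in front of the manager.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def unknown_vhosts_by_client(lines, known=KNOWN_VHOSTS):
    """Map (ip, user) -> set of distinct unconfigured vhost names requested."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue
        for vhost in parse_qs(url.query, keep_blank_values=True).get("vhost", []):
            if vhost not in known:
                seen[(m["ip"], m["user"])].add(vhost)
    return seen

def flag_clients(lines, known=KNOWN_VHOSTS, max_unknown=MAX_UNKNOWN):
    """Clients that asked for more than max_unknown distinct unconfigured vhosts."""
    hits = unknown_vhosts_by_client(lines, known)
    return sorted((c, len(v)) for c, v in hits.items() if len(v) > max_unknown)

def _line(ip, user, vhost):
    # Builds one constructed log line; not real traffic.
    return (f'{ip} - {user} [10/Jul/2021:10:00:00 +0000] '
            f'"GET {ENDPOINT}?vhost={vhost} HTTP/1.1" 200 128')

SAMPLE = (
    [_line("198.51.100.7", "admin", "_defaultVHost_")]
    + [_line("198.51.100.7", "admin", "staging")] * 2          # same name twice: 1 distinct
    + [_line("203.0.113.9", "operator", f"x{i}") for i in range(5)]  # many distinct names
)

if __name__ == "__main__":
    for client, count in flag_clients(SAMPLE):
        print(client, count)
```

Counting distinct names rather than raw requests keeps a dashboard that polls one virtual host repeatedly from triggering the alert.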
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wowza | Streaming Engine | <= 4.8.11 |
Related Weaknesses (CWE)
References
- https://n4nj0.github.io/advisories/wowza-streaming-engine-i/ (Third Party Advisory)
- https://www.gruppotim.it/redteam (Exploit, Third Party Advisory)
- https://www.wowza.com/docs/wowza-streaming-engine-4-8-14-release-notes (Release Notes, Vendor Advisory)
FAQ
What is CVE-2021-35492?
CVE-2021-35492 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due...
How severe is CVE-2021-35492?
CVE-2021-35492 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-35492?
Check the references section above for vendor advisories and patch information. Affected products include: Wowza Streaming Engine.