CVE-2021-35492
Description
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Wowza/Streaming Enginedescription
- Range: <=4.8.11+5
Patches
Vulnerability mechanics
References
3- www.gruppotim.it/redteamnvdExploitThird Party Advisory
- n4nj0.github.io/advisories/wowza-streaming-engine-i/nvdThird Party Advisory
- www.wowza.com/docs/wowza-streaming-engine-4-8-14-release-notesnvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.