What is CVE-2018-19365?

CVE-2018-19365 is a vulnerability in N/a. Published 2019-03-18.

Is CVE-2018-19365 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-19365

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.

EPSS: 0.887 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/kenzer-templates

References

blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-tr… (x_refsource_MISC)
raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-eng… (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-19365?: CVE-2018-19365 is a vulnerability in N/a. Published 2019-03-18.
Is CVE-2018-19365 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.