CVE-2017-16922

[Suggested Description]
---------------------------------------
Transversal of directory structure and retrieval of file via a remote, specifically crated HTTP request
---------------------------------------
[Vulnerability Type]
Directory Traversal
---------------------------------------
[Vendor of Product]
Wowza Media Systems LLC
---------------------------------------
[Affected Product Code Base]
Wowza Streaming Engine - All versions from 4.7.0 and prior, Issue fixed in 4.7.1
---------------------------------------
[Affected Component]
HTTP Provider within the VHost.xml configuration, specifically the HTTP Provider

com.wowza.wms.timedtext.http.HTTPProviderCaptionFile
---------------------------------------
[Attack Type]
Remote
---------------------------------------
[Impact Code Execution]
false
---------------------------------------
[Impact Denial of Service]
true
---------------------------------------
[Attack Vector]
Using a specifically crafted HTTP requested using a TTML extension
---------------------------------------
[Has the vendor confirmed or acknowledged the vulnerability?]
true