CVE-2018-19365.

[Suggested description]
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of 
the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.

------------------------------------------

[Vulnerability Type]
Directory Traversal

------------------------------------------

[Vendor of Product]
Wowza Media Systems LLC

------------------------------------------

[Affected Product Code Base]
Wowza Streaming Engine - All versions from 4.7.5.01 and prior, Issue mitigated in 4.7.5.02 and later

------------------------------------------

[Affected Component]
Wowza Streaming Engine REST API

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Code execution]
false

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
Someone must issue a crafted REST API call to Wowza Streaming Engine

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Sean Melia of Aon’s Cyber Solutions