CVE-2019-19454

[Suggested Description]
An arbitrary file download vulnerability was found in the "Download Log" functionality of Wowza Streaming Engine.

---------------------------------------

[Vulnerability Type]
Arbitrary File Download/Path Traversal

---------------------------------------

[Vendor of Product]
Wowza Media Systems LLC

---------------------------------------

[Affected Product Code Base]
Wowza Streaming Engine - Versions prior to 4.8.0, Issue fixed in 4.8.0

---------------------------------------

[Affected Component]
Wowza Streaming Engine Manager

---------------------------------------

[Attack Type]
Remote

---------------------------------------

[Impact Code Execution]
false

---------------------------------------

[Impact Denial of Service]
false

---------------------------------------

[Attack Vector]
Authenticated user could format a URL that could traverse the filesystem and retrieve files via "Download Log" functionality of Wowza Streaming Engine Manager since the server was running as root by default.

---------------------------------------

[Has the vendor confirmed or acknowledged the vulnerability?]
true
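
The class of check that closes this kind of "Download Log" traversal, as an added example: it is not Wowza's code or the vendor's fix, and `resolve_log_path`, `UnsafeLogRequest` and the directory layout are hypothetical names chosen for illustration. It confines a client-supplied log name to the log directory and runs against a constructed temporary tree.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class UnsafeLogRequest(Exception):
    """The requested name does not map to a regular file inside the log directory."""


def resolve_log_path(log_dir, requested_name):
    """Map a client-supplied log name to a real file under log_dir, or raise."""
    base = Path(log_dir).resolve(strict=True)
    # Decode first so the check sees the same string the filesystem layer will.
    name = unquote(requested_name)
    if not name or "\x00" in name:
        raise UnsafeLogRequest("empty name or NUL byte")
    # resolve() collapses ".." and follows symlinks; an absolute name replaces base.
    candidate = (base / name).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise UnsafeLogRequest("path leaves the log directory") from None
    if not candidate.is_file():
        raise UnsafeLogRequest("not a regular file")
    return candidate


def demo():
    """Run benign and traversal-style names against a constructed temp tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        logs = Path(root, "logs")
        logs.mkdir()
        (logs / "access.log").write_text("constructed sample line\n")
        outside = Path(root, "outside.txt")
        outside.write_text("not a log\n")
        os.symlink(outside, logs / "link.log")
        cases = {"plain": "access.log", "dotdot": "../outside.txt",
                 "encoded": "%2e%2e/outside.txt", "absolute": str(outside),
                 "symlink": "link.log"}
        for label, name in cases.items():
            try:
                resolve_log_path(logs, name)
                results[label] = "served"
            except UnsafeLogRequest:
                results[label] = "rejected"
    return results
```

Running the service under a dedicated unprivileged account instead of root limits what any remaining traversal can read, which is the second factor the attack vector above names.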