Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-35492. PoCs published by N4nj0.
AI-analyzed exploit summary: This repository contains a functional Python script that exploits CVE-2021-35492, an uncontrolled resource consumption vulnerability in Wowza Streaming Engine. The exploit sends repeated HTTP requests to the `/enginemanager/server/vhost/historical.jsdata` endpoint with crafted parameters to exhaust filesystem resources, leading to a denial of service.
Description
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.)
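A detection sketch for the behaviour described above, added here as an example and not taken from the advisory or from Wowza: it scans access-log lines for requests to the historical-data endpoint that name virtual hosts the server does not have, and flags clients asking for several different ones. The log layout (Common Log Format), the `vhost` value appearing in the query string, the configured-vhost set and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/enginemanager/server/vhost/historical.jsdata"
# Assumption: the virtual hosts actually configured on this server.
KNOWN_VHOSTS = {"_defaultVHost_"}
# Assumption: Common Log Format; adapt the pattern to your proxy or manager log layout.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - admin [12/Jul/2021:10:00:01 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=_defaultVHost_ HTTP/1.1" 200 512
198.51.100.7 - user1 [12/Jul/2021:10:00:02 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=a8f3k2 HTTP/1.1" 200 64
198.51.100.7 - user1 [12/Jul/2021:10:00:02 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=q9z1x7 HTTP/1.1" 200 64
198.51.100.7 - user1 [12/Jul/2021:10:00:03 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=m4n5b6 HTTP/1.1" 200 64
198.51.100.7 - user1 [12/Jul/2021:10:00:03 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=t0y2u8 HTTP/1.1" 200 64
203.0.113.5 - ops [12/Jul/2021:10:01:00 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=defaultVHost HTTP/1.1" 200 64
192.0.2.10 - admin [12/Jul/2021:10:02:00 +0000] "GET /enginemanager/server/vhost/historical.jsdata?vhost=_defaultVHost_ HTTP/1.1" 200 512
"""

def unknown_vhost_requests(lines, known=KNOWN_VHOSTS):
    """Map client IP -> set of requested vhost names that are not configured."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue
        for vhost in parse_qs(url.query, keep_blank_values=True).get("vhost", []):
            if vhost not in known:
                seen[m["ip"]].add(vhost)
    return dict(seen)

def flag_clients(lines, threshold=3):
    """Clients that asked for at least `threshold` distinct unknown vhosts."""
    hits = unknown_vhost_requests(lines)
    return sorted(ip for ip, names in hits.items() if len(names) >= threshold)

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG.splitlines()))
```

A single unknown name (a typo, as in the `203.0.113.5` line) stays below the threshold; pairing this alert with free-space monitoring on the volume that holds the historical data covers the case where the parameter is not visible in the log.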
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H