CVE-2019-7655 - Vulnerability Details - OpenCVE

Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00676.

Key SSVC decision points have not yet been added.

Vendors	Products
Wowza	Streaming Engine

Configuration 1 [-]

cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza
https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7655.txt
https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes
https://www.wowza.com/pricing/installer

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-29T15:25:24

Updated: 2024-08-04T20:54:28.468Z

Reserved: 2019-02-08T00:00:00

Link: CVE-2019-7655

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-01-29T16:15:11.913

Modified: 2024-11-21T04:48:28.370

Link: CVE-2019-7655

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-29T21:02:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wowza.com/pricing/installer"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"}, {"tags": ["x_refsource_MISC"], "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7655.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.wowza.com/pricing/installer", "refsource": "MISC", "url": "https://www.wowza.com/pricing/installer"}, {"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza", "refsource": "MISC", "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza"}, {"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes", "refsource": "CONFIRM", "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"}, {"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7655.txt", "refsource": "MISC", "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7655.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:54:28.468Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wowza.com/pricing/installer"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7655.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7655", "datePublished": "2020-01-29T15:25:24", "dateReserved": "2019-02-08T00:00:00", "dateUpdated": "2024-08-04T20:54:28.468Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "72870676-F760-48D9-8DA3-39D4C99C7BFE", "versionEndIncluding": "4.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5."}, {"lang": "es", "value": "Wowza Streaming Engine versiones 4.8.0 y anteriores, sufre de m\u00faltiples vulnerabilidades de tipo XSS autenticado por medio del (1) campo customList%5B0%5D.value en el archivo enginemanager/server/serversetup/edit_adv.htm de la configuraci\u00f3n de Server Setup o el (2) campo host en el archivo enginemanager/j_spring_security_check del formulario de inicio de sesi\u00f3n. Este problema se resolvi\u00f3 en el Wowza Streaming Engine 4.8.5"}], "id": "CVE-2019-7655", "lastModified": "2024-11-21T04:48:28.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-29T16:15:11.913", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7655.txt"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.wowza.com/pricing/installer"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-Wowza"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7655.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wowza.com/pricing/installer"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}