Wowza Streaming Engine Patch: Path Traversal, XSS, and Spring Security Upgrade (CVE-2024-52052-52056)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability IDs and Descriptions: - CVE-2024-52052: Rapid7-WOWZA-WRITEJSP - CVE-2024-52053: Rapid7-WOWZA-XSS - CVE-2024-52054: Rapid7-WOWZA-TRAVERSAL-1 - CVE-2024-52055: Rapid7-WOWZA-TRAVERSAL-2 - CVE-2024-52056: Rapid7-WOWZA-TRAVERSAL-3 2. Vulnerability Fixes: - pushPublishMapPath: Added various validations to ensure custom application settings configured via Wowza Streaming Engine Manager and Wowza Streaming Engine REST API are properly validated. - application names: Added validation to check that application names created via Wowza Streaming Engine REST API do not contain path traversal or special characters. - application name: Added validation to check that application names during application deletion do not contain path traversal or special characters. 3. Other Fixes: - Spring Security: Upgraded to version 6.2.7. - Name and Configuration Directory: Ensured that the Name and Configuration Directory fields on the Virtual Host Setup page are read-only. - SRT stream connection failures: Fixed null pointer exceptions caused by parsing description headers. - netty-nio-client dependency: Removed to resolve issues affecting AWS SDK API calls and Media Cache workflows. - HTTP Streamers Cupertino Settings: Fixed 403 errors caused when multiple properties are enabled. This information indicates that Wowza Streaming Engine 4.9.1 addresses multiple security vulnerabilities, including path traversal and XSS attacks, and includes an upgrade to Spring Security.

Goal Reached Thanks to every supporter — we hit 100%!

Wowza Streaming Engine Patch: Path Traversal, XSS, and Spring Security Upgrade (CVE-2024-52052-52056)