Secure vulnerable JMX access configuration for Wowza Server software

This document provides instructions to help you prevent third parties from exploiting your Wowza™ media server software through Java Management Extensions (JMX) access. Follow the instructions below to prevent a third-party from exploiting this vulnerability to negatively affect your streaming applications and more—in the worst case, taking control of your media server.

About JMX

The Java Management Extensions (JMX) interface in Wowza media server software exposes Java application components through a unified object interface. This interface can then be consumed by open source and commercial monitoring tools such as HP OpenView, OpenNMS, JConsole, and VisualVM.

Affected Wowza server software versions

If you are using the JMX interface for remote monitoring and management

Review the instructions in How to use JConsole with Wowza media server software to verify that your JMX configuration is configured correctly.

If you are NOT using the JMX interface for remote monitoring and management

Do ONE of the following:

Restart your media server software to apply the change. For more information, see How to start and stop Wowza Streaming Engine software.

More information

Wowza Media Server Software Critical Update Webpage