Wowza Community

Vulnerabilities

Dear All,

someone know info about the vuln. about this link ?

http://wejn.com/blog/2013/04/why-you-should-keep-properties-and-logging-modules-out-of-your-application-dot-xml/

thanks,

Alessandro

Hi,

Wowza Streaming Engine is not affected by this. Although it may have been possible to retrieve some property names due to the inclusion of the property module it had limited impact for Wowza Media Server. You can at any time remove the modules from your Application.xml without impact.

Regarding the second, logging, this is considered a very limited attack vector and we have never seen any customers affected by it.

Andrew.