Severity: Critical
Versions: Wowza Streaming Engine >= 4.8.8.01
Exploit type: Apache Log4j2 security vulnerability (CVE-2021-44228 & CVE-2021-45046)
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible.
Logging in Wowza Streaming Engine 4.8.8.01 and later uses a version of Apache Log4j2 with a security vulnerability (CVE-2021-44228) involving JNDI functionality that is not protected against attacker-controlled LDAP and other JNDI-related endpoints.
If you have Wowza Streaming Engine installed on your system, you should immediately apply the update patch. If you do not have Wowza Streaming Engine installed then no action is required.
Solution
You can manually apply the Wowza update to fix the Apache Log4j2 security vulnerability or run the following command to apply all steps automatically.
sh -c "$(curl -sSL https://mirror.mediacp.net/download/hotfix/WSE-log4j2-patch.txt)"
