[Live-devel] Unauthenticated path traversal via RTSP DESCRIBE
A. Ramos
aramosf at gmail.com
Wed Jun 3 03:07:35 PDT 2026
ok! I was thinking in something like DocumentRoot in web world. Thank you!
El mié, 3 jun 2026 a las 8:47, Ross Finlayson
(<finlayson at live555.com>) escribió:
>
> I do not consider this to be a bug or a ‘vulnerability’. In fact, it is a ‘feature’. A streamable media file can be placed anywhere in the file system, and - as long as it can be read by the “LIVE555 Media Server” - it can be streamed using an appropriate URL.
>
> Note that the “LIVE555 Media Server” will read only streamable media files - not other (non-media) files (such as password files, for instance). Also, if you want the “LIVE555 Media Server” to be able to access only a subset of the file system, then you easily can do so - e.g., by setting up a ‘chroot jail’.
>
>
> Ross Finlayson
> Live Networks, Inc.
> http://www.live555.com/
>
>
> _______________________________________________
> live-devel mailing list
> live-devel at lists.live555.com
> http://lists.live555.com/mailman/listinfo/live-devel
--
Alejandro Ramos
@aramosf
More information about the live-devel
mailing list