Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.8
CVE Id: CVE-2006-3534
Last Modified: 07 Mar 2011 09:38:51
Published: 12 Jul 2006 05:05:00
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-3534

Summary

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
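
The ordering flaw described in the summary, modelled next to the corrected order (decode once, canonicalize, then check containment). This is an added example, not SHOUTcast's code; CONTENT_ROOT, the function names and the sample request paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

CONTENT_ROOT = "/srv/stream/content"  # assumed root directory, not from the advisory
PREFIX = "/content/"                  # URL prefix named in the summary

def resolve_filter_then_decode(request_path):
    """Flawed order from the summary: the traversal filter inspects the raw,
    still percent-encoded path, and decoding happens afterwards."""
    if not request_path.startswith(PREFIX) or ".." in request_path:
        return None                                  # filter only sees literal dots
    rel = unquote(request_path[len(PREFIX):])        # %2E%2E becomes ".." too late
    return posixpath.normpath(posixpath.join(CONTENT_ROOT, rel))

def resolve_decode_then_check(request_path):
    """Corrected order: decode exactly once, canonicalize, then verify the
    result is still inside CONTENT_ROOT. Returns None when rejected."""
    decoded = unquote(request_path)
    if not decoded.startswith(PREFIX) or "\x00" in decoded or "\\" in decoded:
        return None
    full = posixpath.normpath(posixpath.join(CONTENT_ROOT, decoded[len(PREFIX):]))
    if not full.startswith(CONTENT_ROOT + "/"):
        return None                                  # escaped the root after decoding
    return full

# Constructed request paths for illustration.
SAMPLES = [
    "/content/song.mp3",
    "/content/../private/keys.txt",
    "/content/%2E%2E/private/keys.txt",
    "/content/a/%2e%2E/song.mp3",
]

def compare(paths=SAMPLES):
    """Return (path, flawed_result, corrected_result) for each sample."""
    return [(p, resolve_filter_then_decode(p), resolve_decode_then_check(p)) for p in paths]

if __name__ == "__main__":
    for path, flawed, fixed in compare():
        print(f"{path!r:40} flawed={flawed!r} corrected={fixed!r}")
```

Because the corrected version decodes only once, a double-encoded sequence such as %252E%252E stays a literal file name inside the root instead of turning into a second traversal.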

Vulnerable Systems

Application

  • Nullsoft Shoutcast Server 1.7.1

  • Nullsoft Shoutcast Server 1.8.2

  • Nullsoft Shoutcast Server 1.8.3

  • Nullsoft Shoutcast Server 1.8.9

  • Nullsoft Shoutcast Server 1.9.2

  • Nullsoft Shoutcast Server 1.9.4

  • Nullsoft Shoutcast Server 1.9.5


References

CONFIRM - http://www.shoutcast.com/#news

GENTOO - GLSA-200607-05

SECUNIA - 20524

MISC - http://people.ksp.sk/~goober/advisory/001-shoutcast.html

VUPEN - ADV-2006-2801

MISC - http://bugs.gentoo.org/show_bug.cgi?id=136721

SECTRACK - 1016493


Last Updated: 27 May 2016 10:43:02