ID CVE-2006-3535
Summary Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.
References
Vulnerable Configurations
  • cpe:2.3:a:nullsoft:shoutcast_dsp:1.9.5
  • cpe:2.3:a:nullsoft:shoutcast_dsp:1.9.6
CVSS
Base: 5.0 (as of 13-07-2006 - 13:00)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity NONE
Availability NONE
nessus via4
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200607-05.NASL
description The remote host is affected by the vulnerability described in GLSA-200607-05 (SHOUTcast server: Multiple vulnerabilities)
  The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the 'Description', 'URL', 'Genre', 'AIM', and 'ICQ' fields.
  Impact: By sending a specially crafted GET request to the SHOUTcast server, the attacker can read any file that can be read by the SHOUTcast process. Furthermore it is possible that various request variables could also be exploited to execute arbitrary scripts in the context of a victim's browser.
  Workaround: There is no known workaround at this time.
last seen 2019-02-21
modified 2018-12-18
plugin id 22012
published 2006-07-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=22012
title GLSA-200607-05 : SHOUTcast server: Multiple vulnerabilities
refmap via4
confirm http://www.shoutcast.com/#news
gentoo GLSA-200607-05
misc
sectrack 1016493
secunia 20524
Last major update 06-12-2016 - 21:59
Published 12-07-2006 - 17:05