Published: 18/10/2001 Updated: 10/10/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in Icecast 1.3.10 and previous versions allows remote malicious users to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
icecast icecast 1.3.7
icecast icecast 1.3.8_beta2
icecast icecast

The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 22 has several security problems: if a client added a / after the filename of a file to be downloaded the server would crash by escaping dots as E it was possible to circumvent security measures and download arbitrary files there were several buffer ...

source: wwwsecurityfocuscom/bid/2932/info Icecast is an open source audio-streaming server for both Unix and Microsoft Windows systems Icecast does not filter encoded characters from URLs when receiving web requests If a remote attacker crafts a URL containing the ASCII equivalent of directory traversal characters, it is possible to es ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html http://www.securityfocus.com/bid/2932 http://www.redhat.com/support/errata/RHSA-2001-105.html http://www.redhat.com/support/errata/RHSA-2002-063.html http://www.debian.org/security/2001/dsa-089 http://www.osvdb.org/1883 https://exchange.xforce.ibmcloud.com/vulnerabilities/6752 https://nvd.nist.gov https://www.debian.org/security/./dsa-089 https://www.exploit-db.com/exploits/20972/

CVE-2001-0784

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect