Lucene search

MitreCVE-2006-3534

HistoryJul 12, 2006 - 9:05 p.m.

CVE-2006-3534

2006-07-1221:05:00

mitre

web.nvd.nist.gov

cve

2006

3534

directory traversal

nullsoft

shoutcast dsp

security vulnerability

nvd

http get request

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.025

Percentile

90.1%

JSON

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing “/content”.

Affected configurations

Nvd

Node

nullsoftshoutcast_serverRange≤1.9.5

nullsoftshoutcast_serverMatch1.7.1linux

nullsoftshoutcast_serverMatch1.8.2

nullsoftshoutcast_serverMatch1.8.3

nullsoftshoutcast_serverMatch1.8.3win32

nullsoftshoutcast_serverMatch1.8.9

nullsoftshoutcast_serverMatch1.8.9freebsd

nullsoftshoutcast_serverMatch1.8.9linux

nullsoftshoutcast_serverMatch1.8.9mac_os_x

nullsoftshoutcast_serverMatch1.8.9solaris

nullsoftshoutcast_serverMatch1.8.9win32

nullsoftshoutcast_serverMatch1.9.2

nullsoftshoutcast_serverMatch1.9.2win32

nullsoftshoutcast_serverMatch1.9.4linux

nullsoftshoutcast_serverMatch1.9.4mac_os_x

nullsoftshoutcast_serverMatch1.9.4win32

nullsoftshoutcast_serverMatch1.9.5linux

nullsoftshoutcast_serverMatch1.9.5mac_os_x

nullsoftshoutcast_serverMatch1.9.5win32

VendorProductVersionCPE
nullsoftshoutcast_server*cpe:2.3:a:nullsoft:shoutcast_server:*:*:*:*:*:*:*:*
nullsoftshoutcast_server1.7.1cpe:2.3:a:nullsoft:shoutcast_server:1.7.1:*:linux:*:*:*:*:*
nullsoftshoutcast_server1.8.2cpe:2.3:a:nullsoft:shoutcast_server:1.8.2:*:*:*:*:*:*:*
nullsoftshoutcast_server1.8.3cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:*:*:*:*:*:*
nullsoftshoutcast_server1.8.3cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:win32:*:*:*:*:*
nullsoftshoutcast_server1.8.9cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:*:*:*:*:*:*
nullsoftshoutcast_server1.8.9cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:freebsd:*:*:*:*:*
nullsoftshoutcast_server1.8.9cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:linux:*:*:*:*:*
nullsoftshoutcast_server1.8.9cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:mac_os_x:*:*:*:*:*
nullsoftshoutcast_server1.8.9cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:solaris:*:*:*:*:*

Vendor	Product	Version	CPE
nullsoft	shoutcast_server	*	cpe:2.3:a:nullsoft:shoutcast_server::::::::
nullsoft	shoutcast_server	1.7.1	cpe:2.3:a:nullsoft:shoutcast_server:1.7.1::linux:::::
nullsoft	shoutcast_server	1.8.2	cpe:2.3:a:nullsoft:shoutcast_server:1.8.2:::::::*
nullsoft	shoutcast_server	1.8.3	cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:::::::*
nullsoft	shoutcast_server	1.8.3	cpe:2.3:a:nullsoft:shoutcast_server:1.8.3::win32:::::
nullsoft	shoutcast_server	1.8.9	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:::::::*
nullsoft	shoutcast_server	1.8.9	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9::freebsd:::::
nullsoft	shoutcast_server	1.8.9	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9::linux:::::
nullsoft	shoutcast_server	1.8.9	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9::mac_os_x:::::
nullsoft	shoutcast_server	1.8.9	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9::solaris:::::

Rows per page:

1-10 of 191

References

bugs.gentoo.org/show_bug.cgi?id=136721

people.ksp.sk/~goober/advisory/001-shoutcast.html

secunia.com/advisories/20524

security.gentoo.org/glsa/glsa-200607-05.xml

securitytracker.com/id?1016493

www.shoutcast.com/#news

www.vupen.com/english/advisories/2006/2801

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.025

Percentile

90.1%

JSON

Related for CVE-2006-3534