CVE-2006-3534
N/A
N/A
Summary
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://people.ksp.sk/~goober/advisory/001-shoutcast.html
- http://securitytracker.com/id?1016493
- http://secunia.com/advisories/20524
- http://www.vupen.com/english/advisories/2006/2801
- http://bugs.gentoo.org/show_bug.cgi?id=136721
- http://www.shoutcast.com/#news
- http://security.gentoo.org/glsa/glsa-200607-05.xml
References
- http://people.ksp.sk/~goober/advisory/001-shoutcast.html
- http://securitytracker.com/id?1016493
- http://secunia.com/advisories/20524
- http://www.vupen.com/english/advisories/2006/2801
- http://bugs.gentoo.org/show_bug.cgi?id=136721
- http://www.shoutcast.com/#news
- http://security.gentoo.org/glsa/glsa-200607-05.xml
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.