Directory Traversal Vulnerability in Icecast Server by Xiph.org
CVE-2002-1982

Currently unrated

Key Information:

Vendor: Icecast
Status: Icecast
Vendor: CVE Published:; 31 December 2002

What is CVE-2002-1982?

The Icecast server version 1.3.12 suffers from a directory traversal vulnerability in the list_directory function. This flaw permits remote attackers to verify the existence of directories on the server by sending specially crafted GET requests containing '..' (dot dot) sequences. Depending on whether the directory requested exists, the server responds with distinct error messages. This discrepancy in responses can be exploited for information disclosure, potentially leading to unauthorized access to sensitive directories and files within the server structure.

References

http://www.securityfocus.com/bid/5189

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/9530.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/82/281274

mailing-listx_refsource_VULN-DEV

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 31, 2002

CVE-2002-1982 Data

JSON