Directory Traversal Vulnerability in Nullsoft SHOUTcast DSP Software
CVE-2006-3534

Currently unrated

Key Information:

Vendor: Nullsoft
Status: Shoutcast Server
Vendor: CVE Published:; 12 July 2006

What is CVE-2006-3534?

A directory traversal vulnerability exists in the Nullsoft SHOUTcast DSP versions prior to 1.9.6. This issue allows remote attackers to exploit encoded dot dot sequences (%2E%2E) in an HTTP GET request, facilitating unauthorized access to sensitive files on the server. By manipulating file paths, attackers may gain access to arbitrary files, which could lead to exposure of confidential data. It is crucial for users of affected versions to implement defensive measures and update to the latest version to mitigate this risk.

References

http://people.ksp.sk/~goober/advisory/001-shoutcast.html

x_refsource_MISC

http://securitytracker.com/id?1016493

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/20524

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2006
Vulnerability Reserved
Jul 12, 2006