Vulnerability Details : CVE-2006-3534

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".

Vulnerability category: Directory traversal

Published 2006-07-12 21:05:00

Updated 2011-03-08 02:38:52

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-3534

Probability of exploitation activity in the next 30 days: 2.48%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-3534

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.8	HIGH	AV:N/AC:L/Au:N/C:C/I:N/A:N	10.0	6.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

References for CVE-2006-3534

http://securitytracker.com/id?1016493

CVEs referencing this url
http://bugs.gentoo.org/show_bug.cgi?id=136721

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200607-05.xml

Exploit;Patch

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/2801
http://people.ksp.sk/~goober/advisory/001-shoutcast.html

Exploit;Patch;Vendor Advisory

CVEs referencing this url
http://www.shoutcast.com/#news

Patch

CVEs referencing this url

Products affected by CVE-2006-3534

Nullsoft » Shoutcast Server
Versions up to, including, (<=) 1.9.5
cpe:2.3:a:nullsoft:shoutcast_server:*:*:*:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.8.2
cpe:2.3:a:nullsoft:shoutcast_server:1.8.2:*:*:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.8.3
cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:*:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.8.9 Freebsd Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:freebsd:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.8.9 Mac Os X Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:mac_os_x:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.8.9 Solaris Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:solaris:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.8.9 Win32 Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:win32:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.8.9 Linux Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:linux:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.8.9
cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:*:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.9.2
cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:*:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.9.4 Mac Os X Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:mac_os_x:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.9.4 Win32 Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:win32:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.9.4 Linux Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:linux:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.9.5 Mac Os X Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:mac_os_x:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.9.5 Win32 Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:win32:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.7.1 Linux Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.7.1:*:linux:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.8.3 Win32 Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:win32:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.9.5 Linux Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:linux:*:*:*:*:*
Matching versions
Nullsoft » Shoutcast Server » Version: 1.9.2 Win32 Edition
cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:win32:*:*:*:*:*
Matching versions