CVE-2006-3534
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
| Software | From | Fixed in |
|---|---|---|
| nullsoft / shoutcast_server | - | 1.9.5.x |
| nullsoft / shoutcast_server | 1.9.2 | 1.9.2.x |
| nullsoft / shoutcast_server | 1.8.9 | 1.8.9.x |
| nullsoft / shoutcast_server | 1.9.4 | 1.9.4.x |
| nullsoft / shoutcast_server | 1.9.5 | 1.9.5.x |
| nullsoft / shoutcast_server | 1.8.3 | 1.8.3.x |
| nullsoft / shoutcast_server | 1.7.1 | 1.7.1.x |
| nullsoft / shoutcast_server | 1.8.2 | 1.8.2.x |
- http://bugs.gentoo.org/show_bug.cgi?id=136721
- http://people.ksp.sk/~goober/advisory/001-shoutcast.html
- http://secunia.com/advisories/20524
- http://security.gentoo.org/glsa/glsa-200607-05.xml
- http://securitytracker.com/id?1016493
- http://www.shoutcast.com/#news
- http://www.vupen.com/english/advisories/2006/2801
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime