CVE-2006-3534

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".

Vulnerabilidad de salto de directorio en Nullsoft SHOUTcast DSP versiones anteriores a la 1.9.6, filtra secuencias de salto de directorio antes de decodificarse, lo que permite a atacantes remotos leer ficheros de su elección a través de secuencias codificadas punto punto (%2E%2E) en una petición HTTP GET para una ruta de archivo que contenga "/content".

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-07-12 CVE Reserved
2006-07-12 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-10-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (7)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=136721	X_refsource_misc
http://securitytracker.com/id?1016493	Vdb Entry
http://www.vupen.com/english/advisories/2006/2801	Vdb Entry

URL	Date	SRC
http://people.ksp.sk/~goober/advisory/001-shoutcast.html	2024-08-07
http://secunia.com/advisories/20524	2024-08-07
http://security.gentoo.org/glsa/glsa-200607-05.xml	2024-08-07

URL	Date	SRC
http://www.shoutcast.com/#news	2011-03-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				<= 1.9.5 Search vendor "Nullsoft" for product "Shoutcast Server" and version " <= 1.9.5"		-		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.7.1 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.7.1"		linux		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.8.2 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.8.2"		-		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.8.3 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.8.3"		-		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.8.3 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.8.3"		win32		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.8.9 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.8.9"		-		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.8.9 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.8.9"		freebsd		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.8.9 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.8.9"		linux		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.8.9 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.8.9"		mac_os_x		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.8.9 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.8.9"		solaris		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.8.9 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.8.9"		win32		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.9.2 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.9.2"		-		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.9.2 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.9.2"		win32		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.9.4 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.9.4"		linux		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.9.4 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.9.4"		mac_os_x		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.9.4 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.9.4"		win32		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.9.5 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.9.5"		linux		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.9.5 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.9.5"		mac_os_x		Affected
Nullsoft Search vendor "Nullsoft"		Shoutcast Server Search vendor "Nullsoft" for product "Shoutcast Server"				1.9.5 Search vendor "Nullsoft" for product "Shoutcast Server" and version "1.9.5"		win32		Affected