CVE-2006-3534
Published Jul 12, 2006
Last updated 14 years ago
Overview
- Description
- Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- -
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6228FD2F-E446-43C0-BA4F-A9A4D83E0840",
"versionEndIncluding": "1.9.5"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.7.1:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F6BDC78-C016-43CA-A0FC-D3872F4A3874"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51161B33-A3F8-438B-99C7-9AE57A13FA72"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25EFDB45-B6D9-482E-8EBF-79830E4BD025"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "440E9595-71EE-42B5-8F81-3C63AC2040ED"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0C79B1E-D8B7-49C0-8BB6-E9BBD46837E9"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:freebsd:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E508D922-3817-4BD3-A4D5-B6981F10BDFE"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C08E8A3C-A83F-4339-AC5B-B8EC896B70A7"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:mac_os_x:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A842C27-A792-4483-92EF-7CD08507C246"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:solaris:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B703039B-1EC8-41D2-8365-CA7359BFDFE9"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE770672-FF5D-41F7-A1CF-35811EF8098C"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCC4C250-C763-4D93-BE20-6EACF00C97C2"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C138869-BAFB-49EF-A6F9-F3F70D0A4D11"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5199CE97-4B9A-4515-979F-7629F7E24842"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:mac_os_x:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A4E885A-D64C-41E6-8F79-3569C7E95642"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC4BF564-908B-4996-A3AF-0D73C2C80283"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57E21195-8378-48D2-B337-BCFF2822A4E6"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:mac_os_x:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0893B1F-D8E5-4980-A524-4639325DA101"
},
{
"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6906F523-05B2-48C5-82F9-CE4520F3BF79"
}
],
"operator": "OR"
}
]
}
]