Icecast list_directory Function Traversal File/Directory Enumeration

medium Nessus Plugin ID 11044

Synopsis

The remote host is affected by an information disclosure vulnerability.

Description

The remote server does not return the same error codes when a nonexistent directory is requested as when an existing one is requested. An attacker may use this flaw to deduce the presence of several key directories on the remote server, and thereby gain further knowledge about it.

Solution

Upgrade to Icecast 2.0, as this reportedly fixes the issue.

See Also

https://seclists.org/vuln-dev/2002/Jul/95

Plugin Details

Severity: Medium

ID: 11044

File Name: icecast_disclosure.nasl

Version: 1.29

Type: remote

Family: CGI abuses

Published: 7/10/2002

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/9/2002

Reference Information

CVE: CVE-2002-1982

BID: 5189