SHOUTcast Server Log Files XSS (deprecated)

Medium Nessus Network Monitor Plugin ID 1527

Synopsis

The remote host is running a vulnerable version of SHOUTcast server.

Description

The remote host is running a SHOUTcast server. This software does not properly validate the data provided by web clients, and is therefore vulnerable to a cross-site scripting issue in its logs interface (which can only be used by the administrator). An attacker may use this flaw to steal the cookies of the administrator and gain access to this server.

Solution

No solution known at this time.

See Also

http://www.securiteam.com/securitynews/5WP010U9FY.html

http://www.securitytracker.com/alerts/2003/Mar/1006203.html

Plugin Details

Severity: Medium

ID: 1527

File Name: 1527.prm

Family: Web Servers

Published: 2004/08/18

Modified: 2015/06/01

Dependencies: 1442

Nessus ID: 11624

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 4

Temporal Score: 3.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Temporal Vector: CVSS3#E:U/RL:O/RC:C