Icecast Server < 1.3.10 Directory Traversal Arbitrary File Access
Medium Nessus Network Monitor Plugin ID 2143
SynopsisThe remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
DescriptionThe remote host is running a vulnerable version of Icecast, an open-source streaming server. It is reported that every version prior to 1.3.10 is vulnerable to an information disclosure issue. An attacker may craft encoded URL request that may permit him to read files and directory outside the Icecast Server directory.
SolutionUpgrade to Icecast 1.3.10 or higher.