Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Icecast XSL Parser Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for XSL parser vulnerabilities in Icecast

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote media streaming server is affected by multiple issues.

Description :

The remote host is running a version of Icecast that suffers from two
flaws in its XSL parser.

- A Locally-Exploitable Buffer Overflow Vulnerability
The XSL parser does not check the size of XSL 'when', 'if',
and 'value-of' tag values before copying them into a finite
buffer in process memory. A possible hacker may potentially be
able to exploit this vulnerability to execute arbitrary
code if he can have a specially-crafted XSL file placed in
an Icecast folder.

- An Information Disclosure Vulnerability
The XSL parser fails to parse XSL files when the request ends
with a dot ('.') and instead simply returns the contents.
A possible hacker can exploit this to uncover sensitive information
contained in XSL files.

See also :

Solution :

Unknown at this time.

Threat Level:

Medium / CVSS Base Score : 4

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.