Family: CGI abuses --> Category: infos
GNUMP3d < 2.9.6 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Checks for multiple vulnerabilities in GNUMP3d < 2.9.6
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote streaming server is prone to directory traversal and
cross-site scripting attacks.
Description :
The remote host is running GNUMP3d, an open-source audio / video
streaming server.
The installed version of GNUMP3d on the remote host fails to
completely filter out directory traversal sequences from request URIs.
By leveraging this flaw, an attacker can read arbitrary files on the
remote host, subject to the privileges under which the server operates.
In addition, it fails to sanitize user-supplied input to several scripts,
which can be used to launch cross-site scripting attacks against the
affected application.
See also :
http://savannah.gnu.org/cgi-bin/viewcvs/gnump3d/gnump3d/ChangeLog?rev=1.134&content-type=text/vnd.viewcvs-markup
Solution :
Upgrade to GNUMP3d 2.9.7 or later.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)