CVE-2001-0784
Published 2001-10-18
CVE-2001-0784: Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using…
Priority: P4 | 30 | medium | CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 9.36% (94.8th percentile)
Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| icecast | icecast | <= 1.310 | — |
| icecast | icecast | — | — |
| icecast | icecast | — | — |
CVSS provenance
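| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 5.0 | MEDIUM | — |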
GHSA
GHSA-gphh-99vm-m2wj: Directory traversal vulnerability in Icecast 1
ghsa_unreviewed·2022-04-30
CVE-2001-0784 [MEDIUM] GHSA-gphh-99vm-m2wj: Directory traversal vulnerability in Icecast 1
Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.
Red Hat
security flaw
vendor_redhat·2001-06-26·CVSS 5.0
CVE-2001-0784 [MEDIUM] security flaw
Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.
No detection rules found.
CAPEC
URL Encoding
mitre_capec
[HIGH] URL Encoding
CAPEC-72: URL Encoding
This attack targets the encoding of the URL. An adversary can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL.
Execution Flow:
Step 1 [Explore]: [Survey web application for URLs with parameters] Using a browser, an automated tool or by inspecting the application, an adversary records all URLs that contain parameters.
Technique: Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.
Step 2 [Experiment]: [Probe URLs to locate vulnerabilities] The adversary uses the URLs gathered in the "Explore" phase as a target list and tests parameters with different encodings of special characters to see how the web applicat
http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html
http://www.debian.org/security/2001/dsa-089
http://www.osvdb.org/1883
http://www.redhat.com/support/errata/RHSA-2001-105.html
http://www.redhat.com/support/errata/RHSA-2002-063.html
http://www.securityfocus.com/bid/2932
https://exchange.xforce.ibmcloud.com/vulnerabilities/6752
Published: 2001-10-18