Vulnerabilities > CVE-2002-1470 - Information Disclosure vulnerability in Nullsoft Shoutcast Server 1.8.9

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

nullsoft

NVD

Published: 2003-04-22

Updated: 2008-09-05

Summary

SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.

Vulnerable Configurations

Part	Description	Count
Application	Nullsoft Nullsoft Shoutcast Server 1.8.9	1

References

http://archives.neohapsis.com/archives/bugtraq/2002-08/0017.html
http://www.iss.net/security_center/static/9775.php
http://www.securityfocus.com/bid/5414