Vulnerabilities > CVE-2002-1982 - Directory Traversal Information Disclosure vulnerability in Icecast 1.3.12

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

icecast

nessus

exploit available

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not.

Vulnerable Configurations

Part	Description	Count
Application	Icecast Icecast Icecast 1.3.12	1

Exploit-Db

description	Icecast Server 1.3.12 Directory Traversal Information Disclosure Vulnerability. CVE-2002-1982. Remote exploit for linux platform
id	EDB-ID:21602
last seen	2016-02-02
modified	2002-07-09
published	2002-07-09
reporter	glaive
source	https://www.exploit-db.com/download/21602/
title	icecast server 1.3.12 - Directory Traversal information disclosure Vulnerability

Nessus

NASL family	CGI abuses
NASL id	ICECAST_DISCLOSURE.NASL
description	The remote server does not return the same error codes when it is requested a nonexistent directory and an existing one. An attacker may use this flaw to deduct the presence of several key directory on the remote server, and therefore gain further knowledge about it.
last seen	2020-06-01
modified	2020-06-02
plugin id	11044
published	2002-07-10
reporter	This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11044
title	Icecast list_directory Function Traversal File/Directory Enumeration
code	# # (C) Tenable Network Security, Inc. # # Script audit and contributions from Carmichael Security # Erik Anderson <[email protected]> # Added BugtraqID # # See the Nessus Scripts License for details # include("compat.inc"); if (description) { script_id(11044); script_version("1.28"); script_cvs_date("Date: 2018/11/15 20:50:17"); script_cve_id("CVE-2002-1982"); script_bugtraq_id(5189); script_name(english:"Icecast list_directory Function Traversal File/Directory Enumeration"); script_summary(english:"Determines if the error code is the same when requesting non-existing and existing dirs"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by an information disclosure vulnerability."); script_set_attribute(attribute:"description", value: "The remote server does not return the same error codes when it is requested a nonexistent directory and an existing one. An attacker may use this flaw to deduct the presence of several key directory on the remote server, and therefore gain further knowledge about it."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/vuln-dev/2002/Jul/95"); script_set_attribute(attribute:"solution", value:"Upgrade to Icecast 2.0 as this reportedly fixes the issue."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2002/07/10"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_ATTACK); script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("http_version.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/www", 8000); exit(0); } include("audit.inc"); include("global_settings.inc"); include("http.inc"); include("misc_func.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_http_port(default:8000); if(!port) exit(0); if(!get_port_state(port))exit(0); banner = get_http_banner(port:port); if ( ! banner ) exit(0); if ( "icecast/" >!< tolower(banner) ) exit(0); req1 = http_send_recv3(method:"GET", item:"/test/../../../../../../../../../inexistant_i_hope/", port: port); req2 = http_send_recv3(method:"GET", item:"/test/../../../../../../../../../etc/", port: port); if (!(r2 == r1)) security_warning(port);

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References