Vulnerabilities > CVE-2005-0837 - Multiple vulnerability in Icecast XSL Parser

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

icecast

nessus

NVD

Published: 2005-05-02

Updated: 2017-07-11

Summary

IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot).

Vulnerable Configurations

Part	Description	Count
Application	Icecast Icecast Icecast 2.0 Icecast Icecast 2.0.1 Icecast Icecast 2.0.2 Icecast Icecast 2.1.0 Icecast Icecast 2.2	5

Nessus

NASL family	CGI abuses
NASL id	ICECAST_XSL_PARSER_FLAWS.NASL
description	The remote host is running a version of Icecast that suffers from two flaws in its XSL parser. - A Locally-Exploitable Buffer Overflow Vulnerability The XSL parser does not check the size of XSL
last seen	2020-06-01
modified	2020-06-02
plugin id	17592
published	2005-03-22
reporter	This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17592
title	Icecast XSL Parser Multiple Vulnerabilities (OF, ID)

Summary

Vulnerable Configurations

Nessus

References