PT-2005-1866 · Icecast+1

Published: 2005-03-22 · Updated: 2024-06-15 · CVE-2005-0837

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IceCast version 2.20

Description

The issue allows remote attackers to bypass the XSL parser and obtain the source of XSL files by requesting a .xsl file with a trailing dot.

Recommendations

For IceCast version 2.20, consider restricting access to .xsl files to prevent unauthorized access to their source code. As a temporary workaround, avoid serving .xsl files directly and instead use a proxy or other intermediary to handle requests for these files.
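
A log check for the request pattern in the description, as an added example (not from the advisory or the Icecast project): it flags requests whose final path segment is a .xsl name followed by one or more dots. The log lines are constructed, and matching percent-encoded dots and upper-case extensions is an assumption that goes beyond the single case the description names.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (common log format); not taken from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /status.xsl HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /status.xsl. HTTP/1.1" 200 2210
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /auth.xsl%2e?x=1 HTTP/1.1" 200 1877
198.51.100.4 - - [01/Jan/2024:10:00:12 +0000] "GET /stream.ogg HTTP/1.1" 200 90211
198.51.100.9 - - [01/Jan/2024:10:00:15 +0000] "GET /admin/STATS.XSL.. HTTP/1.1" 404 0
"""

# client address, request target and status code of one log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3}) ')


def is_xsl_trailing_dot(target: str) -> bool:
    """True when the request path names a .xsl file followed by one or more dots."""
    path = unquote(urlsplit(target).path)   # drop the query string, decode %2e
    last = path.rsplit("/", 1)[-1].lower()  # final path segment, case-folded
    stripped = last.rstrip(".")
    return stripped != last and stripped.endswith(".xsl")


def find_suspicious(log_text: str):
    """Return (client, target, status) for every trailing-dot .xsl request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_xsl_trailing_dot(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


if __name__ == "__main__":
    for client, target, status in find_suspicious(SAMPLE_LOG):
        print(f"{client} requested {target!r} -> {status}")
```

The same `is_xsl_trailing_dot` predicate can serve as the deny rule in the proxy the recommendation mentions, leaving plain `.xsl` requests untouched.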

Related Identifiers

CVE-2005-0837
OPENSUSE-SU-2024:10584-1

Affected Products

Debian
Icecast