CVE-2006-3007

Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/18376
http://secunia.com/advisories/20524	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml
http://secunia.com/advisories/21005
http://www.vupen.com/english/advisories/2006/2254
http://marc.info/?l=bugtraq&m=114980135615062&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/27129

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9::mac_os_x:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9::solaris:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.9.5::mac_os_x:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.9.5::win32:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.7.1::linux:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.9.4::linux:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.9.4::mac_os_x:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.8.3::win32:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9::freebsd:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9::linux:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.9.4::win32:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.8.9::win32:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.9.5::linux:::::
	cpe:2.3:a:nullsoft:shoutcast_server:1.9.2::win32:::::

Information

Published : 2006-06-13 03:02

Updated : 2017-07-19 18:31

NVD link : CVE-2006-3007

Mitre link : CVE-2006-3007

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

nullsoft

shoutcast_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/18376", "name": "18376", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/20524", "name": "20524", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200607-05.xml", "name": "GLSA-200607-05", "tags": [], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/21005", "name": "21005", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/2254", "name": "ADV-2006-2254", "tags": [], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=114980135615062&w=2", "name": "20060608 bug of script injection in shoutcast servers", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27129", "name": "shoutcast-djfields-xss(27129)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3007", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-06-13T10:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.7.1:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.3:*:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:freebsd:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.4:*:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.8.9:*:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.5:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:31Z"}