GNUMP3d Discloses Files on the Target System to Remote Users and Permits Cross-Site Scripting Attacks

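Vulnerability ID 1053302 Vulnerability type
Published 2005-10-29 Updated 2005-10-29
CVE ID CVE-2005-3122
CVE-2005-3123
CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2005100073
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit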
Debian reported:
 
Steve Kemp discovered two vulnerabilities in gnump3d, a streaming
server for MP3 and OGG files.  The Common Vulnerabilities and
Exposures Project identifies the following problems:
 
CVE-2005-3122
 
    The 404 error page does not strip malicious javascript content
    from the resulting page, which would be executed in the victim's
    browser.
 
CVE-2005-3123
 
    By using specially crafted URLs it is possible to read arbitrary
    files to which the user of the streaming server has access.
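
The two classes of flaw described in the advisory, shown from the defensive side as an added example. This is not GNUMP3d's own code (GNUMP3d is written in Perl) and not part of the Debian advisory; the function names `resolve` and `not_found_page`, the directory layout and the sample requests are constructed for illustration.

```python
import html
import os
import tempfile
from urllib.parse import unquote


def not_found_page(requested: str) -> str:
    """Build a 404 body. The request path is attacker-controlled, so it is
    HTML-escaped before being echoed (the CVE-2005-3122 class of bug)."""
    safe = html.escape(requested, quote=True)
    return "<html><body><h1>404</h1><p>Not found: %s</p></body></html>" % safe


def resolve(root: str, url_path: str):
    """Map a URL path to a file under root; returns (status, path_or_body).
    Anything resolving outside root is answered with the same 404 as a
    missing file (the CVE-2005-3123 class of bug)."""
    decoded = unquote(url_path)          # decode %2e%2e etc. before checking
    if "\x00" in decoded:
        return 404, not_found_page(decoded)
    root_real = os.path.realpath(root)
    # realpath collapses ".." segments and follows symlinks
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    inside = os.path.commonpath([root_real, candidate]) == root_real
    if not inside or not os.path.isfile(candidate):
        return 404, not_found_page(decoded)
    return 200, candidate


def demo():
    """Run constructed requests against a temporary media root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "music")
        os.mkdir(root)
        with open(os.path.join(root, "song.mp3"), "wb") as f:
            f.write(b"ID3")
        with open(os.path.join(tmp, "secret.txt"), "w") as f:
            f.write("outside the media root")
        return {
            "ok": resolve(root, "/song.mp3"),
            "dotdot": resolve(root, "/../secret.txt"),
            "encoded": resolve(root, "/%2e%2e/secret.txt"),
            "markup": resolve(root, "/<script>alert(1)</script>"),
        }


if __name__ == "__main__":
    for name, (status, detail) in demo().items():
        print(name, status, detail)
```
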