CVE-2007-1229 - OpenCVE

Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nullsoft	Shoutcast Server

Configuration 1 [-]

cpe:2.3:a:nullsoft:shoutcast_server:1.9.7:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0604.html	Exploit
http://osvdb.org/33793
http://secunia.com/advisories/24323	Vendor Advisory
http://www.securityfocus.com/archive/1/461474/100/0/threaded
http://www.securityfocus.com/bid/22742	Exploit
http://www.vupen.com/english/advisories/2007/0775
https://exchange.xforce.ibmcloud.com/vulnerabilities/32726

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-02T22:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-03-02T00:00:00

Link: CVE-2007-1229

JSON object: View

NVD Information

Status : Modified

Published: 2007-03-02T22:19:00.000

Modified: 2018-10-16T16:37:25.063

Link: CVE-2007-1229

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070227 Nullsoft ShoutcastServer Persistant XSS - 0day", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461474/100/0/threaded"}, {"name": "shoutcast-admin-interface-xss(32726)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32726"}, {"name": "20070227 Nullsoft ShoutcastServer Persistant XSS - 0day", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0604.html"}, {"name": "33793", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33793"}, {"name": "24323", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24323"}, {"name": "ADV-2007-0775", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0775"}, {"name": "22742", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22742"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1229", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070227 Nullsoft ShoutcastServer Persistant XSS - 0day", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461474/100/0/threaded"}, {"name": "shoutcast-admin-interface-xss(32726)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32726"}, {"name": "20070227 Nullsoft ShoutcastServer Persistant XSS - 0day", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0604.html"}, {"name": "33793", "refsource": "OSVDB", "url": "http://osvdb.org/33793"}, {"name": "24323", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24323"}, {"name": "ADV-2007-0775", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0775"}, {"name": "22742", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22742"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1229", "datePublished": "2007-03-02T22:00:00", "dateReserved": "2007-03-02T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nullsoft:shoutcast_server:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "AA2403BB-F601-459E-B7ED-3A4B6C88AB16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Nullsoft ShoutcastServer 1.9.7 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante la URI top-level en el interfaz Incoming (puerto tcp/8001), que no es gestionado apropiadamente en la interfaz de administrador cuando se visualiza el fichero de trazas."}], "id": "CVE-2007-1229", "lastModified": "2018-10-16T16:37:25.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-03-02T22:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0604.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/33793"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24323"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461474/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22742"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0775"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32726"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}