Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". This vulnerability is addressed in the following product releases:
Nullsoft, SHOUTcast DSP, 1.9.6
Nullsoft, SHOUTcast DSP, 1.9.7
Publication date: Thu, 13 Jul 2006 02:05:00 +0000