Icecast Server Directory Traversal Information Disclosure Vulnerability

Icecast Server Directory Traversal Information Disclosure Vulnerability

Icecast is a freely available, open source streaming audio server. Icecast is available for the Unix, Linux, and Microsoft Windows platforms.

An attacker may exploit a directory traversal vulnerability in Icecast server to determine the existance of a specified directory outside of the web root. This is a result of the server returning different HTTP results for each case.

This issue may be related to a more severe directory traversal issue in earlier versions of Icecast, documented as BID 2932.