CVE-2005-0837 in IceCastinfo

Summary

by MITRE

IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot).

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/04/2025

The vulnerability identified as CVE-2005-0837 affects IceCast 2.20, a widely used open source streaming media server that supports various audio and video formats. This particular flaw represents a path traversal and information disclosure vulnerability that can be exploited by remote attackers to gain unauthorized access to sensitive XSL (Extensible Stylesheet Language) files stored on the server. The vulnerability stems from inadequate input validation and file handling mechanisms within the server's processing logic, specifically when handling requests for XSL files with malformed path specifications.

The technical implementation of this vulnerability exploits a weakness in how IceCast processes file requests containing trailing dots in the filename extension. When a remote attacker submits a request for a .xsl file with a trailing dot character, the server fails to properly sanitize the input and instead processes the request through its XSL parser bypass mechanism. This allows the attacker to circumvent normal access controls and retrieve the source code of XSL files that would typically be protected or restricted. The flaw operates at the application layer and demonstrates a classic case of improper input validation where the server does not adequately check the legitimacy of file path specifications before processing them.

The operational impact of this vulnerability extends beyond simple information disclosure, as XSL files often contain sensitive processing logic, transformation rules, and potentially proprietary styling information that could be exploited by attackers. The ability to obtain XSL source code provides adversaries with detailed knowledge of the server's processing pipeline and can facilitate further exploitation attempts. This vulnerability aligns with CWE-22 Path Traversal and CWE-200 Information Disclosure categories, representing a significant security risk in environments where IceCast servers handle confidential or proprietary content. The attack vector requires no authentication and can be executed remotely, making it particularly dangerous for publicly accessible streaming servers.

Organizations utilizing IceCast 2.20 should implement immediate mitigations including upgrading to patched versions of the software, implementing proper input validation mechanisms, and configuring access controls that restrict direct file access. Network-level protections such as firewalls and intrusion detection systems can help monitor for suspicious requests containing trailing dots in file extensions. The vulnerability also highlights the importance of following secure coding practices and input sanitization techniques as outlined in the OWASP Top Ten and MITRE ATT&CK framework for application security. Regular security assessments and vulnerability scanning should be conducted to identify similar flaws in other components of the streaming infrastructure that might provide similar attack vectors for information disclosure and privilege escalation.

Reservation

03/22/2005

Disclosure

05/02/2005

Moderation

accepted

Entry

VDB-24656

CPE

ready

EPSS

0.02450

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!