Summary
Flussonic Media Server 4.3.3 Multiple Vulnerabilities
Impact
It's possible to read any files/directories from the server (with the application's user's permissions) by a simple HTTP GET request.
Solution
Update to Flussonic Media Server 4.3.4
Insight
Flussonic Media Server is prone to a:
1. Arbitrary File Read (Unauthenticated)
2. Arbitrary Directory Listing (Authenticated)
Affected
Flussonic Media Server 4.3.3
Detection
Send a HTTP GET request and check the response
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Advanced Guestbook Index.PHP SQL Injection Vulnerability
- ArticleFR CMS Multiple Vulnerabilities - Jan15
- appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities