Summary
Flussonic Media Server 4.3.3 Multiple Vulnerabilities
Impact
It's possible to read any files/directories from the server (with the application's user's permissions) by a simple HTTP GET request.
Solution
Update to Flussonic Media Server 4.3.4
Insight
Flussonic Media Server is prone to a:
1. Arbitrary File Read (Unauthenticated)
2. Arbitrary Directory Listing (Authenticated)
Affected
Flussonic Media Server 4.3.3
Detection
Send a HTTP GET request and check the response
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe ColdFusion Directory Traversal Vulnerability
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
- AjaxPortal 'di.php' File Inclusion Vulnerability