ID
VAR-200712-0450
TITLE
Firefly Multiple Information Disclosure and Denial of Service Vulnerabilities
Trust: 0.6
DESCRIPTION
Firefly is an open source media server used by Roku SoundBridge and iTunes. There are multiple security vulnerabilities such as information disclosure and denial of service in Firefly: ------------------------------------ -----A] Directory traversal on Windows platform -------------------------------------- --- If you use 3 periods in the HTTP request, you can get the specific file in the parent directory of Firefly's management root folder, that is, the attacker can download all the configuration files of the server or firefly.log and other files. Mt-daapd.conf file. This vulnerability can only be exploited on Windows servers. -----------------------------------B] Windows platform bypasses certification -------- --------------------------- If the server is password protected, an unauthenticated remote attacker can have a \"/\" position before the URI. Use the period (\".\"), backslash (\"\\\"), or blank (GET file.txt HTTP/1.0) to download the files in the management root folder. This vulnerability can only be exploited on Windows servers. ----------------------------------------------C] Copy HTTP Parameter Denial Service --------------------------------------------- Send Two or more HTTP parameters with the same name (such as two Host or User-Agent) can cause the server to terminate. -----------------------------------D] Partial query results in 100% CPU usage ----- ------------------------------ The remote attacker connects to the server and sends the first line of the request (GET/HTTP/1.0) This can cause the server's CPU to reach 100% until it is disconnected from the server. Firefly Media Server is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to handle specially crafted HTTP GET requests. Attackers can exploit these issues to access potentially sensitive information, crash the server, or consume excessive resources. Successful exploits could aid in further attacks or deny service to legitimate users
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | no | model: | - | scope: | - | version: | - | Trust: 0.6 |
| vendor: | firefly | model: | media server firefly media server | scope: | eq | version: | 0.2.41 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
remote
Trust: 0.6
TYPE
Failure to Handle Exceptional Conditions
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 26770 | Trust: 1.5 |
| db: | CNVD | id: | CNVD-2007-6919 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201503-514 | Trust: 0.6 |
REFERENCES
| url: | http://marc.info/?l=bugtraq&m=119706669307492&w=2 | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/26770 | Trust: 0.6 |
| url: | http://www.fireflymediaserver.org/index.php | Trust: 0.3 |
| url: | /archive/1/484763 | Trust: 0.3 |
CREDITS
Luigi Auriemma is credited with the discovery of these issues.
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2007-6919 |
| db: | BID | id: | 26770 |
| db: | CNNVD | id: | CNNVD-201503-514 |
LAST UPDATE DATE
2022-05-17T01:58:12.639000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2007-6919 | date: | 2014-01-24T00:00:00 |
| db: | BID | id: | 26770 | date: | 2015-03-19T08:52:00 |
| db: | CNNVD | id: | CNNVD-201503-514 | date: | 2015-03-25T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2007-6919 | date: | 2007-12-07T00:00:00 |
| db: | BID | id: | 26770 | date: | 2007-12-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201503-514 | date: | 2007-12-07T00:00:00 |