CVE-2011-4612

icecast < 2.3.2 - Log Injection via Crafted URL

Title source: llm
STIX 2.1

Description

icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.

References (4)

Core 4
Core References
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=768176
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090668.html
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090695.html
Patch, Vendor Advisory x_refsource_confirm
http://www.icecast.org/

Scores

EPSS 0.0220
EPSS Percentile 80.4%

Details

CWE
CWE-20
Status published
Products (1)
xiph/icecast < 2.3.2
Published Nov 20, 2012
Tracked Since Feb 18, 2026