Detections
Analytics
Firefly Media Server Limited Directory Traversal Admin Credential Disclosure
high Nessus Plugin ID 29252
Language:
Synopsis
The remote web server is affected by a partial directory traversal vulnerability.Description
The remote host is running Firefly Media Server, also known as mt-daapd, a media streaming server.The version of Firefly Media Server installed on the remote Windows host allows an attacker to retrieve arbitrary files, possibly bypassing authentication, from the parent directory of Firefly's 'admin-root' folder, including the application's configuration file.
In addition, Firefly Media Server has been reported to be vulnerable to two denial of service issues. However, Nessus has not checked for these.
Solution
Unknown at this time.See Also
https://www.securityfocus.com/archive/1/484763/30/0/threaded
Plugin Details
Severity: High
ID: 29252
File Name: firefly_dir_traversal.nasl
Version: 1.16
Type: remote
Family: CGI abuses
Published: 12/10/2007
Updated: 1/19/2021
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Host/OS
Exploit Ease: No known exploits are available
Exploited by Nessus: true
Reference Information
BID: 26770