[icecast] insecure html templates
Jerome Alet
alet at unice.fr
Mon Oct 8 14:28:55 UTC 2001
Hi,
the default html templates for icecast 1.3.11 from Debian reveals
pathnames on the server, e.g. the directory from which static files are
streamed. Not sure if this is the case with the original version's
templates, however.
the templates causing problem are those accessible from list.cgi :
list_directory.html
mountlist.html
list.cgi is accessible even with web administration disabled, and by
default it shouldn't reveal servers paths IMHO.
hth.
PS: does somebody has a searchable or downloadable mail archive ?
Jerome Alet - alet at unice.fr - http://cortex.unice.fr/~jerome
Fac de Medecine de Nice http://wwwmed.unice.fr
Tel: (+33) 4 93 37 76 30 Fax: (+33) 4 93 53 15 15
28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE
--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast
mailing list