ID CVE-2003-0050
Summary parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
References
Vulnerable Configurations
  • Apple Darwin Streaming Server 4.1.2
    cpe:2.3:a:apple:darwin_streaming_server:4.1.2
  • Apple Quicktime Streaming Server 4.1.1
    cpe:2.3:a:apple:quicktime_streaming_server:4.1.1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
description QuickTime Streaming Server parse_xml.cgi Remote Execution. CVE-2003-0050. Webapps exploit for cgi platform
id EDB-ID:16891
last seen 2016-02-02
modified 2010-07-03
published 2010-07-03
reporter metasploit
source https://www.exploit-db.com/download/16891/
title QuickTime Streaming Server parse_xml.cgi Remote Execution
metasploit via4
description The QuickTime Streaming Server contains a CGI script that is vulnerable to metacharacter injection, allowing arbitrary commands to be executed as root.
id MSF:EXPLOIT/UNIX/WEBAPP/QTSS_PARSE_XML_EXEC
last seen 2019-03-10
modified 2017-07-24
published 2009-12-09
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb
title QuickTime Streaming Server parse_xml.cgi Remote Execution
nessus via4
NASL family CGI abuses
NASL id QUICKTIME_ADMIN.NASL
description The remote host is running Apple QuickTime Streaming Server. There are multiple flaws in this version:
  • Remote code execution vulnerability (by default with root privileges)
  • 2 Cross-Site Scripting vulnerabilities
  • Path Disclosure vulnerability
  • Arbitrary Directory listing vulnerability
  • Buffer overflow in MP3 broadcasting module
last seen 2018-09-02
modified 2018-07-26
plugin id 11278
published 2003-02-28
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11278
title Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities
packetstorm via4
data source https://packetstormsecurity.com/files/download/84525/qtss_parse_xml_exec.rb.txt
id PACKETSTORM:84525
last seen 2016-12-05
published 2009-12-31
reporter H D Moore
source https://packetstormsecurity.com/files/84525/QuickTime-Streaming-Server-parse_xml.cgi-Remote-Execution.html
title QuickTime Streaming Server parse_xml.cgi Remote Execution
refmap via4
atstake A032403-1
bid 6954
bugtraq 20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
confirm http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
xf quicktime-darwin-command-execution(11401)
Last major update 17-10-2016 - 22:28
Published 07-03-2003 - 00:00