ID CVE-2003-0052
Summary parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
References
Vulnerable Configurations
  • Apple Darwin Streaming Server 4.1.2
    cpe:2.3:a:apple:darwin_streaming_server:4.1.2
  • Apple Quicktime Streaming Server 4.1.1
    cpe:2.3:a:apple:quicktime_streaming_server:4.1.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family CGI abuses
NASL id QUICKTIME_ADMIN.NASL
description The remote host is running Apple QuickTime Streaming Server. There are multiple flaws in this version : * Remote code execution vulnerability (by default with root privileges) * 2 Cross-Site Scripting vulnerabilities * Path Disclosure vulnerability * Arbitrary Directory listing vulnerability * Buffer overflow in MP3 broadcasting module
last seen 2018-09-02
modified 2018-07-26
plugin id 11278
published 2003-02-28
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11278
title Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities
refmap via4
atstake A032403-1
bid 6955
bugtraq 20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
confirm http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
xf quicktime-darwin-directory-disclosure(11403)
Last major update 17-10-2016 - 22:28
Published 07-03-2003 - 00:00
Back to Top