ID CVE-2003-0053
Summary Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
References
Vulnerable Configurations
  • Apple Darwin Streaming Server 4.1.2
    cpe:2.3:a:apple:darwin_streaming_server:4.1.2
  • Apple QuickTime Streaming Server 4.1.1
    cpe:2.3:a:apple:quicktime_streaming_server:4.1.1
CVSS
Base: 4.3 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
nessus via4
NASL family CGI abuses
NASL id QUICKTIME_ADMIN.NASL
description The remote host is running Apple QuickTime Streaming Server. There are multiple flaws in this version:
  • Remote code execution vulnerability (by default with root privileges)
  • 2 Cross-Site Scripting vulnerabilities
  • Path Disclosure vulnerability
  • Arbitrary Directory listing vulnerability
  • Buffer overflow in MP3 broadcasting module
last seen 2018-09-02
modified 2018-07-26
plugin id 11278
published 2003-02-28
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11278
title Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities
refmap via4
atstake A032403-1
bid 6958
bugtraq 20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
confirm http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
xf quicktime-darwin-parsexml-xss(11404)
Last major update 17-10-2016 - 22:28
Published 07-03-2003 - 00:00