ID CVE-2005-2195
Summary Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:darwin_streaming_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:darwin_streaming_server:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:darwin_streaming_server:4.1.3g:*:*:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:4.1.3g:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:darwin_streaming_server:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:darwin_streaming_server:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:darwin_streaming_server:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:darwin_streaming_server:5.5:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:darwin_streaming_server:5.5:-:windows:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2016 - 03:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bugtraq 20050713 APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce
misc http://secway.org/Advisory/AD20050713.txt
sectrack 1014474
secunia 16056
Last major update 18-10-2016 - 03:25
Published 18-07-2005 - 04:00
Last modified 18-10-2016 - 03:25
Back to Top