var-200303-0099
Vulnerability from variot
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. This may lead to disclosure of sensitive information, which may aid in further attacks against the system hosting the software. The attacker may need to view the source code of the page to see the directory listing output. By default, these services listen on port 1220/TCP with root user privileges. The parse_xml.cgi of the Darwin/QuickTime streaming server does not adequately filter user-submitted input. The Darwin stream management server relies on the parse_xml.cgi application program to authenticate and interact with users. This CGI is written in Perl. Because the program uses the open() function incorrectly, an attacker can use this function to open directory nodes under the UNIX operating system, resulting in information leakage. There are also vulnerabilities that allow attackers to view the source code of web scripts.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200303-0099", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quicktime streaming server", "scope": "eq", "trust": 1.9, "vendor": "apple", "version": "4.1.1" }, { "model": "darwin streaming server", "scope": "eq", "trust": 1.9, "vendor": "apple", "version": "4.1.2" } ], "sources": [ { "db": "BID", "id": "6955" }, { 
"db": "CNNVD", "id": "CNNVD-200303-032" }, { "db": "NVD", "id": "CVE-2003-0052" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dave G.\u203b daveg@atstake.com\u203bOllie Whitehouse\u203b ollie@atstake.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200303-032" } ], "trust": 0.6 }, "cve": "CVE-2003-0052", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2003-0052", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-6882", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2003-0052", 
"trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200303-032", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-6882", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-6882" }, { "db": "CNNVD", "id": "CNNVD-200303-032" }, { "db": "NVD", "id": "CVE-2003-0052" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. This may lead to disclosure of sensitive information which may aid in further attacks against the system hosting the software. The attacker may need to view the source code of the page to view the directory listing output. By default, these services listen on port 1220/TCP with root user privileges. The parse_xml.cgi of the Darwin/QuickTime streaming server does not adequately filter user-submitted input. The Darwin stream management server relies on the parse_xml.cgi application program to authenticate and interact with users. This CGI is written in PERL. 
Because the program uses the open() function incorrectly, an attacker can use this function to open directory nodes under the UNIX operating system, resulting in For information leakage, there are also vulnerabilities that allow attackers to view source code information of WEB scripts", "sources": [ { "db": "NVD", "id": "CVE-2003-0052" }, { "db": "BID", "id": "6955" }, { "db": "VULHUB", "id": "VHN-6882" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2003-0052", "trust": 2.0 }, { "db": "BID", "id": "6955", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-200303-032", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20030224 QUICKTIME/DARWIN STREAMING ADMINISTRATION SERVER MULTIPLE VULNERABILITIES", "trust": 0.6 }, { "db": "XF", "id": "11403", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-6882", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-6882" }, { "db": "BID", "id": "6955" }, { "db": "CNNVD", "id": "CNNVD-200303-032" }, { "db": "NVD", "id": "CVE-2003-0052" } ] }, "id": "VAR-200303-0099", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-6882" } ], "trust": 0.01 }, "last_update_date": "2024-11-22T21:26:05.899000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0052" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" 
}, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.securityfocus.com/bid/6955" }, { "trust": 2.7, "url": "http://lists.apple.com/archives/security-announce/2003/feb/25/applesa20030225macosx102.txt" }, { "trust": 2.7, "url": "http://www.iss.net/security_center/static/11403.php" }, { "trust": 2.1, "url": "http://marc.info/?l=bugtraq\u0026m=104618904330226\u0026w=2" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104618904330226\u0026w=2" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.1, "url": "" } ], "sources": [ { "db": "VULHUB", "id": "VHN-6882" }, { "db": "BID", "id": "6955" }, { "db": "CNNVD", "id": "CNNVD-200303-032" }, { "db": "NVD", "id": "CVE-2003-0052" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-6882" }, { "db": "BID", "id": "6955" }, { "db": "CNNVD", "id": "CNNVD-200303-032" }, { "db": "NVD", "id": "CVE-2003-0052" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2003-03-07T00:00:00", "db": "VULHUB", "id": "VHN-6882" }, { "date": "2003-02-24T00:00:00", "db": "BID", "id": "6955" }, { "date": "2003-02-24T00:00:00", "db": "CNNVD", "id": "CNNVD-200303-032" }, { "date": "2003-03-07T05:00:00", "db": "NVD", "id": "CVE-2003-0052" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-18T00:00:00", "db": "VULHUB", "id": "VHN-6882" }, { "date": "2015-03-19T09:44:00", "db": "BID", "id": "6955" }, { "date": "2005-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-200303-032" }, { "date": "2024-11-20T23:43:49.970000", "db": "NVD", "id": 
"CVE-2003-0052" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200303-032" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Quicktime/Darwin Streaming server parse_xml.cgi Directory list vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200303-032" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200303-032" } ], "trust": 0.6 } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.