Path Disclosure Vulnerability in Apple Darwin Streaming Server and QuickTime Streaming Server
CVE-2003-0051

Currently unrated

Key Information:

Vendor: Apple
Status: Quicktime Streaming Server; Darwin Streaming Server
Vendor: CVE Published:; 7 March 2003

What is CVE-2003-0051?

The parse_xml.cgi script in both Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 has a vulnerability that allows remote attackers to exploit a NULL file parameter. This exploit can lead to information disclosure, specifically obtaining the physical path of the server's installation. This could facilitate further attacks or provide sensitive information about the server environment.

References

http://lists.apple.com/archives/security-announce/2003/Fe...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/6956

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=104618904330226&w=2

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2003
Vulnerability Reserved
Jan 28, 2003