Remote Code Execution in Apple Darwin Streaming Administration Server and QuickTime Streaming Server
CVE-2003-0054

Currently unrated

Key Information:

Vendor
Apple
Status
Quicktime Streaming Server
Darwin Streaming Server
Vendor
CVE Published:
7 March 2003

Summary

A vulnerability in Apple Darwin Streaming Administration Server and QuickTime Streaming Server allows remote attackers to execute arbitrary code. By crafting a specific request to port 7070 with a malicious script in an argument to the RTSP DESCRIBE method, attackers can insert the script into a log file. This code is later executed when the log is accessed via a web browser, potentially compromising the affected server. Users are advised to apply available patches to mitigate this risk and protect their systems from exploitation.

References

http://lists.apple.com/archives/security-announce/2003/Fe...
x_refsource_CONFIRM
http://www.iss.net/security_center/static/11405.php
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/6960
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2003-0054 : Remote Code Execution in Apple Darwin Streaming Administration Server and QuickTime Streaming Server | SecurityVulnerability.io