Source Code Exposure in Apple QuickTime and Darwin Streaming Server
CVE-2003-0424

Currently unrated

Key Information:

Vendor: Apple
Status: Darwin Streaming Server
Vendor: CVE Published:; 27 August 2003

Summary

Apple QuickTime and the Darwin Streaming Server prior to version 4.1.3f contain a vulnerability that enables remote attackers to retrieve the source code of scripts. This may be achieved by appending encoded characters, such as space (%20) or dot (%2e), to HTTP requests targeting specific script files, such as view_broadcast.cgi. This exposure could potentially lead to further exploitation or data leakage.

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/...

mailing-listx_refsource_VULNWATCH

http://www.rapid7.com/advisories/R7-0015.html

x_refsource_MISC

Timeline

Vulnerability published
Aug 27, 2003
Vulnerability Reserved
Jun 11, 2003