CVE-2003-1413

Currently unrated

Key Information:

Vendor: Apple
Status: Quicktime Streaming Server; Darwin Streaming Server
Vendor: CVE Published:; 31 December 2003

Summary

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.

References

http://securityreason.com/securityalert/3260

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/313517

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/11445

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Oct 19, 2007
Vulnerability published
Dec 31, 2003