Denial of Service Vulnerability in Apple Darwin Streaming Server

CVE-2005-2195

Summary

The Apple Darwin Streaming Server versions 5.5 and earlier contain a vulnerability that enables remote attackers to initiate a denial of service condition. This can occur when a crafted URL is provided that includes a filename with a .cgi extension and uses reserved MS-DOS device names, such as AUX, CON, PRN, COM1, or LPT1. Exploitation of this vulnerability can lead to an unexpected application crash, disrupting service availability.

References