Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1413

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2003-1413
Last Modified 05 Sep 2008 04:36:52
Published 31 Dec 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2003-1413

Summary

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.

Vulnerable Systems

Application

  • Apple Darwin Streaming Server 4.1.2

  • Apple Quicktime Streaming Server 4.1.1


References

XF - darwin-dotdot-file-existence(11445)

BID - 6992

BUGTRAQ - 20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities

SREASON - 3260


Last Updated: 27 May 2016 10:38:21