ID
VAR-200303-0099
CVE
CVE-2003-0052
TITLE
Apple Quicktime/Darwin Streaming server parse_xml.cgi Directory list vulnerability
Trust: 0.6
DESCRIPTION
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. This may lead to disclosure of sensitive information which may aid in further attacks against the system hosting the software. The attacker may need to view the source code of the page to view the directory listing output. By default, these services listen on port 1220/TCP with root user privileges. The parse_xml.cgi of the Darwin/QuickTime streaming server does not adequately filter user-submitted input. The Darwin stream management server relies on the parse_xml.cgi application program to authenticate and interact with users. This CGI is written in PERL. Because the program uses the open() function incorrectly, an attacker can use this function to open directory nodes under the UNIX operating system, resulting in For information leakage, there are also vulnerabilities that allow attackers to view source code information of WEB scripts
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | apple | model: | quicktime streaming server | scope: | eq | version: | 4.1.1 | Trust: 1.9 |
| vendor: | apple | model: | darwin streaming server | scope: | eq | version: | 4.1.2 | Trust: 1.9 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2003-0052 | Trust: 2.0 |
| db: | BID | id: | 6955 | Trust: 2.0 |
| db: | CNNVD | id: | CNNVD-200303-032 | Trust: 0.7 |
| db: | BUGTRAQ | id: | 20030224 QUICKTIME/DARWIN STREAMING ADMINISTRATION SERVER MULTIPLE VULNERABILITIES | Trust: 0.6 |
| db: | XF | id: | 11403 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-6882 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/6955 | Trust: 1.7 |
| url: | http://lists.apple.com/archives/security-announce/2003/feb/25/applesa20030225macosx102.txt | Trust: 1.7 |
| url: | http://www.iss.net/security_center/static/11403.php | Trust: 1.7 |
| url: | http://marc.info/?l=bugtraq&m=104618904330226&w=2 | Trust: 1.1 |
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2 | Trust: 0.6 |
| url: | http://www.info.apple.com/usen/security/security_updates.html | Trust: 0.3 |
| url: | - | Trust: 0.1 |
CREDITS
Dave G.※ daveg@atstake.com※Ollie Whitehouse※ ollie@atstake.com
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-6882 |
| db: | BID | id: | 6955 |
| db: | CNNVD | id: | CNNVD-200303-032 |
| db: | NVD | id: | CVE-2003-0052 |
LAST UPDATE DATE
2024-08-14T12:54:48.090000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-6882 | date: | 2016-10-18T00:00:00 |
| db: | BID | id: | 6955 | date: | 2015-03-19T09:44:00 |
| db: | CNNVD | id: | CNNVD-200303-032 | date: | 2005-05-13T00:00:00 |
| db: | NVD | id: | CVE-2003-0052 | date: | 2016-10-18T02:28:49.827 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-6882 | date: | 2003-03-07T00:00:00 |
| db: | BID | id: | 6955 | date: | 2003-02-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-200303-032 | date: | 2003-02-24T00:00:00 |
| db: | NVD | id: | CVE-2003-0052 | date: | 2003-03-07T05:00:00 |