Details of VAR-200312-0380

ID

VAR-200312-0380

CVE

CVE-2003-1413

TITLE

Apple QuickTime/Darwin Streaming Server Remote file leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-163

DESCRIPTION

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. It has been reported that the QuickTime/Darwin Streaming Server reveals information that may be sensitive. When certain requests are made, a difference in reponses could make possible for an attacker to gain information about the local host. There is a vulnerability in parse_xml.cgi of Apple Darwin Streaming Server 4.1.1

Trust: 1.26

sources: NVD: CVE-2003-1413 // BID: 6992 // VULHUB: VHN-8238

AFFECTED PRODUCTS

vendor:	apple	model:	darwin streaming server	scope:	eq	version:	4.1.2	Trust: 1.9
vendor:	apple	model:	quicktime streaming server	scope:	eq	version:	4.1.1	Trust: 1.6

sources: BID: 6992 // CNNVD: CNNVD-200312-163 // NVD: CVE-2003-1413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1413
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200312-163
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8238
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1413
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8238
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8238 // CNNVD: CNNVD-200312-163 // NVD: CVE-2003-1413

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.1

sources: VULHUB: VHN-8238 // NVD: CVE-2003-1413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-163

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200312-163

EXTERNAL IDS

db:	BID	id:	6992	Trust: 2.0
db:	SREASON	id:	3260	Trust: 1.7
db:	NVD	id:	CVE-2003-1413	Trust: 1.7
db:	CNNVD	id:	CNNVD-200312-163	Trust: 0.7
db:	XF	id:	11445	Trust: 0.6
db:	BUGTRAQ	id:	20030228 RE: QUICKTIME/DARWIN STREAMING ADMINISTRATION SERVER MULTIPLE VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-8238	Trust: 0.1

sources: VULHUB: VHN-8238 // BID: 6992 // CNNVD: CNNVD-200312-163 // NVD: CVE-2003-1413

REFERENCES

url:	http://www.securityfocus.com/bid/6992	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/313517	Trust: 1.7
url:	http://securityreason.com/securityalert/3260	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/11445	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/11445	Trust: 0.6
url:	/archive/1/313517	Trust: 0.3

sources: VULHUB: VHN-8238 // BID: 6992 // CNNVD: CNNVD-200312-163 // NVD: CVE-2003-1413

CREDITS

Discovery credited to "Joe Testa" <Joe_Testa@rapid7.com>.

Trust: 0.9

sources: BID: 6992 // CNNVD: CNNVD-200312-163

SOURCES

db:	VULHUB	id:	VHN-8238
db:	BID	id:	6992
db:	CNNVD	id:	CNNVD-200312-163
db:	NVD	id:	CVE-2003-1413

LAST UPDATE DATE

2024-08-14T13:51:17.964000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8238	date:	2017-07-29T00:00:00
db:	BID	id:	6992	date:	2003-02-28T00:00:00
db:	CNNVD	id:	CNNVD-200312-163	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1413	date:	2017-07-29T01:29:10.450

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8238	date:	2003-12-31T00:00:00
db:	BID	id:	6992	date:	2003-02-28T00:00:00
db:	CNNVD	id:	CNNVD-200312-163	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1413	date:	2003-12-31T05:00:00