Details of VAR-200507-0116

ID

VAR-200507-0116

CVE

CVE-2005-2195

TITLE

Apple Darwin Streaming Server Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200507-202

DESCRIPTION

Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502. Darwin Streaming Server is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Apple Darwin Streaming Server Web Admin Denial of Service SECUNIA ADVISORY ID: SA16056 VERIFY ADVISORY: http://secunia.com/advisories/16056/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote SOFTWARE: Darwin Streaming Server 5.x http://secunia.com/product/3085/ DESCRIPTION: Sowhat has reported a vulnerability in Darwin Streaming Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the web-based admin interface when handling HTTP requests containing MS-DOS device names with ".cgi" extension appended (e.g. AUX.cgi). Successful exploitation causes the service to stop responding. The vulnerability has been reported in versions 5.5 and prior for Windows. SOLUTION: Update to version 5.5.1. PROVIDED AND/OR DISCOVERED BY: Sowhat ORIGINAL ADVISORY: http://secway.org/Advisory/AD20050713.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-2195 // BID: 89742 // VULHUB: VHN-13404 // PACKETSTORM: 38651

AFFECTED PRODUCTS

vendor:	apple	model:	darwin streaming server	scope:	lte	version:	5.5	Trust: 1.0
vendor:	apple	model:	darwin streaming server	scope:	eq	version:	5.5	Trust: 0.6

sources: CNNVD: CNNVD-200507-202 // NVD: CVE-2005-2195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-2195
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200507-202
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-13404
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-2195
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-13404
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-13404 // CNNVD: CNNVD-200507-202 // NVD: CVE-2005-2195

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200507-202

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200507-202

EXTERNAL IDS

db:	SECTRACK	id:	1014474	Trust: 2.0
db:	NVD	id:	CVE-2005-2195	Trust: 2.0
db:	SECUNIA	id:	16056	Trust: 1.8
db:	CNNVD	id:	CNNVD-200507-202	Trust: 0.7
db:	BUGTRAQ	id:	20050713 APPLE DARWIN STREAMING SERVER WEB ADMIN REMOTE DENIAL OF SERIVCE	Trust: 0.6
db:	BID	id:	89742	Trust: 0.4
db:	VULHUB	id:	VHN-13404	Trust: 0.1
db:	PACKETSTORM	id:	38651	Trust: 0.1

sources: VULHUB: VHN-13404 // BID: 89742 // PACKETSTORM: 38651 // CNNVD: CNNVD-200507-202 // NVD: CVE-2005-2195

REFERENCES

url:	http://secway.org/advisory/ad20050713.txt	Trust: 2.1
url:	http://securitytracker.com/id?1014474	Trust: 2.0
url:	http://secunia.com/advisories/16056	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=112126999514361&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=112126999514361&w=2	Trust: 0.9
url:	http://marc.info/?l=bugtraq&m=112126999514361&w=2	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/16056/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/product/3085/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-13404 // BID: 89742 // PACKETSTORM: 38651 // CNNVD: CNNVD-200507-202 // NVD: CVE-2005-2195

CREDITS

Sowhat smaillist@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200507-202

SOURCES

db:	VULHUB	id:	VHN-13404
db:	BID	id:	89742
db:	PACKETSTORM	id:	38651
db:	CNNVD	id:	CNNVD-200507-202
db:	NVD	id:	CVE-2005-2195

LAST UPDATE DATE

2024-08-14T15:31:10.160000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-13404	date:	2016-10-18T00:00:00
db:	BID	id:	89742	date:	2005-07-18T00:00:00
db:	CNNVD	id:	CNNVD-200507-202	date:	2005-10-25T00:00:00
db:	NVD	id:	CVE-2005-2195	date:	2016-10-18T03:25:44.990

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-13404	date:	2005-07-18T00:00:00
db:	BID	id:	89742	date:	2005-07-18T00:00:00
db:	PACKETSTORM	id:	38651	date:	2005-07-14T05:33:32
db:	CNNVD	id:	CNNVD-200507-202	date:	2005-07-18T00:00:00
db:	NVD	id:	CVE-2005-2195	date:	2005-07-18T04:00:00