Vulnerability Description
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Darwin Streaming Server | 4.1.2 |
| Apple | Quicktime Streaming Server | 4.1.1 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3260
- http://www.securityfocus.com/archive/1/313517
- http://www.securityfocus.com/bid/6992Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11445
- http://securityreason.com/securityalert/3260
- http://www.securityfocus.com/archive/1/313517
- http://www.securityfocus.com/bid/6992Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11445
FAQ
What is CVE-2003-1413?
CVE-2003-1413 is a vulnerability with a CVSS score of 4.3 (MEDIUM). parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting...
How severe is CVE-2003-1413?
CVE-2003-1413 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1413?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Darwin Streaming Server, Apple Quicktime Streaming Server.