Published: 31/12/2003 Updated: 29/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote malicious users to read arbitrary files via a ... (triple dot) in the filename parameter.

Affected Products


source: wwwsecurityfocuscom/bid/6990/info A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xmlcgi script Information obtained in this manner may be used by an attacker to launch more organinzed attacks a ...