CVE-2003-1413

Published: Dec 31, 2003Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.

Affected (2)

Products: Apple: Darwin Streaming Server, Quicktime Streaming Server

Apple

2 products

Darwin Streaming Server

Quicktime Streaming Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Darwin Streaming Server	Version 4.1.2
Apple Quicktime Streaming Server	Version 4.1.1

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (8)

http://securityreason.com/securityalert/3260

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/313517

Source: cve@mitre.org

http://www.securityfocus.com/bid/6992

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/11445

Source: cve@mitre.org

http://securityreason.com/securityalert/3260

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/313517

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/6992

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/11445

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.