CVE-2003-1413

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1413
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
apple / quicktime_streaming_server	4.1.1	4.1.1.x
apple / darwin_streaming_server	4.1.2	4.1.2.x

http://securityreason.com/securityalert/3260
http://www.securityfocus.com/archive/1/313517
http://www.securityfocus.com/bid/6992
https://exchange.xforce.ibmcloud.com/vulnerabilities/11445

Vulnerability Database

289,697

CVE-2003-1413