VAR-200303-0098
Vulnerability from variot - Updated: 2025-04-03 19:37parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter. Under some circumstances, it may be possible to reveal the physical path that the vulnerable server is installed too. Access to this information may aid in launching more organized attacks against system resources. This vulnerability was originally described in BID 6932 "Multiple Remote QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is now being assigned a separate BID. By default, these services listen on port 1220/TCP with root user privileges. If an attacker passes NULL as the file name parameter and submits it to the parse_xml.cgi script, the script will return information including the physical path where the service program is installed, and the attacker can use this information to further attack the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0098",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "darwin streaming server",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "quicktime streaming server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.1.1"
}
],
"sources": [
{
"db": "BID",
"id": "6956"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-036"
},
{
"db": "NVD",
"id": "CVE-2003-0051"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dave G.\u203b daveg@atstake.com\u203bOllie Whitehouse\u203b ollie@atstake.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-036"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0051",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0051",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6881",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0051",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-036",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6881",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6881"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-036"
},
{
"db": "NVD",
"id": "CVE-2003-0051"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server\u0027s installation path via a NULL file parameter. Under some circumstances, it may be possible to reveal the physical path that the vulnerable server is installed too. Access to this information may aid in launching more organized attacks against system resources. \nThis vulnerability was originally described in BID 6932 \"Multiple Remote\nQuickTime/Darwin Streaming Administration Server Vulnerabilities\". It is\nnow being assigned a separate BID. By default, these services listen on port 1220/TCP with root user privileges. If an attacker passes NULL as the file name parameter and submits it to the parse_xml.cgi script, the script will return information including the physical path where the service program is installed, and the attacker can use this information to further attack the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0051"
},
{
"db": "BID",
"id": "6956"
},
{
"db": "VULHUB",
"id": "VHN-6881"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6956",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2003-0051",
"trust": 2.0
},
{
"db": "BUGTRAQ",
"id": "20030224 QUICKTIME/DARWIN STREAMING ADMINISTRATION SERVER MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "XF",
"id": "11402",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200303-036",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6881",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6881"
},
{
"db": "BID",
"id": "6956"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-036"
},
{
"db": "NVD",
"id": "CVE-2003-0051"
}
]
},
"id": "VAR-200303-0098",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6881"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T19:37:41.461000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0051"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6956"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2003/feb/25/applesa20030225macosx102.txt"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/11402.php"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104618904330226\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104618904330226\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6881"
},
{
"db": "BID",
"id": "6956"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-036"
},
{
"db": "NVD",
"id": "CVE-2003-0051"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6881"
},
{
"db": "BID",
"id": "6956"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-036"
},
{
"db": "NVD",
"id": "CVE-2003-0051"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-6881"
},
{
"date": "2003-02-24T00:00:00",
"db": "BID",
"id": "6956"
},
{
"date": "2003-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-036"
},
{
"date": "2003-03-07T05:00:00",
"db": "NVD",
"id": "CVE-2003-0051"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-6881"
},
{
"date": "2009-07-11T20:06:00",
"db": "BID",
"id": "6956"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-036"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0051"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Quicktime/Darwin Streaming server parse_xml.cgi Remote path leak vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-036"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-036"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…