VAR-200303-0099
Vulnerability from variot - Updated: 2025-04-03 22:00
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. This may lead to disclosure of sensitive information which may aid in further attacks against the system hosting the software. The attacker may need to view the source code of the page to view the directory listing output. By default, these services listen on port 1220/TCP with root user privileges. The parse_xml.cgi of the Darwin/QuickTime streaming server does not adequately filter user-submitted input. The Darwin stream management server relies on the parse_xml.cgi application program to authenticate and interact with users. This CGI is written in Perl. Because the program uses the open() function incorrectly, an attacker can use this function to open directory nodes under the UNIX operating system, resulting in information leakage. There are also vulnerabilities that allow attackers to view the source code of web scripts.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime streaming server",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "darwin streaming server",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "4.1.2"
}
],
"sources": [
{
"db": "BID",
"id": "6955"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-032"
},
{
"db": "NVD",
"id": "CVE-2003-0052"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dave G.\u203b daveg@atstake.com\u203bOllie Whitehouse\u203b ollie@atstake.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-032"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0052",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0052",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6882",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0052",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-032",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6882",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6882"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-032"
},
{
"db": "NVD",
"id": "CVE-2003-0052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. This may lead to disclosure of sensitive information which may aid in further attacks against the system hosting the software. The attacker may need to view the source code of the page to view the directory listing output. By default, these services listen on port 1220/TCP with root user privileges. The parse_xml.cgi of the Darwin/QuickTime streaming server does not adequately filter user-submitted input. The Darwin stream management server relies on the parse_xml.cgi application program to authenticate and interact with users. This CGI is written in Perl. Because the program uses the open() function incorrectly, an attacker can use this function to open directory nodes under the UNIX operating system, resulting in information leakage. There are also vulnerabilities that allow attackers to view the source code of web scripts.",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0052"
},
{
"db": "BID",
"id": "6955"
},
{
"db": "VULHUB",
"id": "VHN-6882"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0052",
"trust": 2.0
},
{
"db": "BID",
"id": "6955",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200303-032",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20030224 QUICKTIME/DARWIN STREAMING ADMINISTRATION SERVER MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "XF",
"id": "11403",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6882",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6882"
},
{
"db": "BID",
"id": "6955"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-032"
},
{
"db": "NVD",
"id": "CVE-2003-0052"
}
]
},
"id": "VAR-200303-0099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6882"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:00:51.126000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0052"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6955"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2003/feb/25/applesa20030225macosx102.txt"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/11403.php"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104618904330226\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104618904330226\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6882"
},
{
"db": "BID",
"id": "6955"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-032"
},
{
"db": "NVD",
"id": "CVE-2003-0052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6882"
},
{
"db": "BID",
"id": "6955"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-032"
},
{
"db": "NVD",
"id": "CVE-2003-0052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-6882"
},
{
"date": "2003-02-24T00:00:00",
"db": "BID",
"id": "6955"
},
{
"date": "2003-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-032"
},
{
"date": "2003-03-07T05:00:00",
"db": "NVD",
"id": "CVE-2003-0052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-6882"
},
{
"date": "2015-03-19T09:44:00",
"db": "BID",
"id": "6955"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-032"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-032"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Quicktime/Darwin Streaming server parse_xml.cgi Directory list vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-032"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-032"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.