header-logo
Suggest Exploit
vendor:
QuickTime/Darwin Streaming Server
by:
SecurityFocus
7.5
CVSS
HIGH
File Retrieval Vulnerability
N/A
CWE
Product Name: QuickTime/Darwin Streaming Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

File Retrieval Vulnerability

A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server. The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Information obtained in this manner may be used by an attacker to launch more organized attacks against a vulnerable system.

Mitigation:

Ensure that all parameters given to the parse_xml.cgi script are properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6990/info

A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server. The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Information obtained in this manner may be used by an attacker to launch more organinzed attacks against a vulnerable system.

This vulnerability was tested on SS for Microsoft Windows systems. 

http://localhost:1220/parse_xml.cgi?filename=.../qtusers

Navigation

Suggest Exploit

Services By CQR