CVE-2003-1414

Description

Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.

Affected products

• Apple / darwin_streaming_server4.1.2 – 4.1.2
• Apple / quicktime_streaming_server4.1.1 – 4.1.1

References

• MISChttp://securityreason.com/securityalert/3260
• MISChttp://www.securityfocus.com/archive/1/313517
• MISChttp://www.securityfocus.com/bid/6990
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/11446