CVE-2003-0054

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

apple

darwin

streaming

administration

server

quicktime

remote

code execution

cve-2003-0054

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON

Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser.

Affected configurations

NVD

Node

appledarwin_streaming_serverMatch4.1.2

applequicktime_streaming_serverMatch4.1.1

CPENameOperatorVersion
apple:darwin_streaming_serverapple darwin streaming servereq4.1.2
apple:quicktime_streaming_serverapple quicktime streaming servereq4.1.1