Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1414

CWE-22 — Path Traversal4 documents4 sources

Severity

4.3MEDIUM

EPSS

2.7%

top 14.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Darwin Streaming Server Apple Quicktime Streaming Server

Timeline

PublishedDec 31

Latest updateApr 29

Description

Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/darwin_streaming_server4.1.2

▶NVDapple/quicktime_streaming_server4.1.1

🔴Vulnerability Details

GHSA

GHSA-q7jr-h9w5-jgx2: Directory traversal vulnerability in parse_xml↗2022-04-29

▶

CVEList

CVE-2003-1414: Directory traversal vulnerability in parse_xml↗2007-10-20

▶

💥Exploits & PoCs

Exploit-DB

Apple QuickTime/Darwin Streaming Server 4.1.x - 'parse_xml.cgi' File Disclosure↗2003-02-28

▶