CVE-2003-1413: Path Traversal
First published: Wed Dec 31 2003(Updated: )
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Darwin | =4.1.2 | |
| Apple Quicktime Streaming Server | =4.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1413?
CVE-2003-1413 is considered to be of moderate severity due to its ability to allow unauthorized file access via error message analysis.
How do I fix CVE-2003-1413?
The fix for CVE-2003-1413 involves upgrading to versions that are not vulnerable, specifically version 4.1.2 or later of Apple Darwin Streaming Server.
Which software is affected by CVE-2003-1413?
CVE-2003-1413 affects Apple Darwin Streaming Server version 4.1.1 and Apple Quicktime Streaming Server version 4.1.1.
What type of attack does CVE-2003-1413 facilitate?
CVE-2003-1413 facilitates directory traversal attacks that allow attackers to determine the existence of arbitrary files on the server.
Can CVE-2003-1413 be exploited remotely?
Yes, CVE-2003-1413 can be exploited remotely by attackers sending crafted requests to the affected servers.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/apple
- canonical/apple darwin
- version/apple darwin/4.1.2
- canonical/apple quicktime streaming server
- version/apple quicktime streaming server/4.1.1