Test ID: 1.3.6.1.4.1.25623.1.0.11278
Category: Gain a shell remotely
Title: Quicktime/Darwin 4.1.x Streaming Administration Server 'parse_xml.cgi' Multiple Vulnerabilities
Summary: QuickTime/Darwin streaming administration server is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The following vulnerabilities exist:

- CVE-2003-0050, CVE-2003-0054: Remote command execution (RCE)

- CVE-2003-0051, CVE-2003-0052: Information disclosure

- CVE-2003-0053: Cross-site scripting (XSS)

- CVE-2003-0055: Buffer overflow

- CVE-2003-1414: Directory traversal

These are due to parsing problems in the following script: parse_xml.cgi.

The worst of these vulnerabilities allows for remote command execution, usually as root or administrator.

These servers are installed by default on port 1220.

Solution:
Obtain a patch or new software from Apple or block this port
(TCP 1220) from internet access.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2003-0050
@stake Security Advisory: A032403-1
BugTraq ID: 6954
http://www.securityfocus.com/bid/6954
Bugtraq: 20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=104618904330226&w=2
http://www.iss.net/security_center/static/11401.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0051
BugTraq ID: 6956
http://www.securityfocus.com/bid/6956
http://www.iss.net/security_center/static/11402.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0052
BugTraq ID: 6955
http://www.securityfocus.com/bid/6955
http://www.iss.net/security_center/static/11403.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0053
BugTraq ID: 6958
http://www.securityfocus.com/bid/6958
http://www.iss.net/security_center/static/11404.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0054
BugTraq ID: 6960
http://www.securityfocus.com/bid/6960
http://www.iss.net/security_center/static/11405.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0055
BugTraq ID: 6957
http://www.securityfocus.com/bid/6957
http://www.iss.net/security_center/static/11406.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-1414
BugTraq ID: 6990
http://www.securityfocus.com/bid/6990
Bugtraq: 20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/313517
http://securityreason.com/securityalert/3260
XForce ISS Database: darwin-dotdotdot-directory-traversal(11446)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11446
Copyright: Copyright (C) 2005 Michael Scheidell

© 1998-2025 E-Soft Inc. All rights reserved.