Remote Code Execution via Log File in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1

CVE-2003-0054 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allow remote attackers to execute certain code via a request to port 7070 with the script in an argument to the RTSP DESCRIBE method. The script is inserted into a log file and executed when the log is viewed using a browser.
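
The flaw described above is a log viewer that writes attacker-supplied request data into HTML without encoding it. The following added example (not code from Apple or from this advisory) contrasts such a viewer with one that escapes every logged field, and flags entries whose request argument contains markup characters; the log line layout, host names and function names are assumptions made for illustration.

```python
import html
import re

# Constructed sample log lines. The layout (client, RTSP method, argument)
# is an assumption for this example, not the server's real log format.
SAMPLE_LOG = [
    '192.0.2.10 DESCRIBE rtsp://media.example/sample.mov',
    '192.0.2.77 DESCRIBE /<script>alert(1)</script>.mov',
    '192.0.2.10 SETUP rtsp://media.example/sample.mov/trackID=3',
]

# Characters needed to build HTML markup; unexpected in a media path.
MARKUP = re.compile(r'[<>"\']')


def parse(line):
    """Split a constructed log line into (client, method, argument)."""
    client, method, argument = line.split(' ', 2)
    return client, method, argument


def render_unsafe(lines):
    """The flaw: logged request data is placed into the page as-is."""
    row = '<tr><td>%s</td><td>%s</td><td>%s</td></tr>'
    return ''.join(row % parse(line) for line in lines)


def render_safe(lines):
    """Hardened viewer: every logged field is HTML-escaped on output."""
    rows = []
    for line in lines:
        cells = ''.join('<td>%s</td>' % html.escape(field, quote=True)
                        for field in parse(line))
        rows.append('<tr>%s</tr>' % cells)
    return ''.join(rows)


def suspicious(lines):
    """Return log entries whose request argument carries markup characters."""
    return [line for line in lines if MARKUP.search(parse(line)[2])]


if __name__ == '__main__':
    print(render_safe(SAMPLE_LOG))
    for entry in suspicious(SAMPLE_LOG):
        print('review:', entry)
```

Escaping at render time is the fix that matters here; the `suspicious` check only helps triage existing logs and does not replace output encoding.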