Remote Code Execution via Log File in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1
CVE-2003-0054 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser.
Learn more about our Cis Benchmark Audit For Server Software.