Vulnerability Details : CVE-2003-0050
Public exploit exists!
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
Vulnerability category: Execute code
Products affected by CVE-2003-0050
- cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0050
- 87.79%: Probability of exploitation activity in the next 30 days
- ~99%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2003-0050
- QuickTime Streaming Server parse_xml.cgi Remote Execution
  - Disclosure Date: 2003-02-24
  - First seen: 2020-04-26
  - Module: exploit/unix/webapp/qtss_parse_xml_exec
  - Description: The QuickTime Streaming Server contains a CGI script that is vulnerable to metacharacter injection, allowing arbitrary commands to be executed as root.
  - Authors: hdm <x@hdm.io>
CVSS scores for CVE-2003-0050
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2003-0050
- http://www.iss.net/security_center/static/11401.php (Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
- http://marc.info/?l=bugtraq&m=104618904330226&w=2
- http://www.securityfocus.com/bid/6954 (Apple QuickTime/Darwin Streaming Server Command Execution Vulnerability)