Vulnerability Details : CVE-2003-0050
Public exploit exists!
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2003-0050
Probability of exploitation activity in the next 30 days: 65.93%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 %
Metasploit modules for CVE-2003-0050
- QuickTime Streaming Server parse_xml.cgi Remote Execution
  Disclosure Date: 2003-02-24
  First seen: 2020-04-26
  exploit/unix/webapp/qtss_parse_xml_exec
  The QuickTime Streaming Server contains a CGI script that is vulnerable to metacharacter injection, allowing arbitrary commands to be executed as root.
  Authors: hdm <x@hdm.io>
CVSS scores for CVE-2003-0050
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2003-0050
- http://www.iss.net/security_center/static/11401.php
  Vendor Advisory
- http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
- http://marc.info/?l=bugtraq&m=104618904330226&w=2
- http://www.securityfocus.com/bid/6954
  Apple QuickTime/Darwin Streaming Server Command Execution Vulnerability
Products affected by CVE-2003-0050
- cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*