Vulnerabilities > CVE-2003-0053 - Unspecified vulnerability in Apple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apple
nessus

Summary

Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.

Vulnerable Configurations

Part Description Count
Application
Apple
2

Nessus

NASL familyCGI abuses
NASL idQUICKTIME_ADMIN.NASL
descriptionThe remote host is running Apple QuickTime Streaming Server. There are multiple flaws in this version : * Remote code execution vulnerability (by default with root privileges) * 2 Cross-Site Scripting vulnerabilities * Path Disclosure vulnerability * Arbitrary Directory listing vulnerability * Buffer overflow in MP3 broadcasting module
last seen2020-06-01
modified2020-06-02
plugin id11278
published2003-02-28
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11278
titleApple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

# Original plugin was written by Michael Scheidell
#
# http://web.archive.org/web/20050406013934/http://www.atstake.com/research/advisories/2003/a022403-1.txt


include("compat.inc");

if(description)
{
 script_id(11278);
 script_version("1.36");

 script_cve_id("CVE-2003-0050", "CVE-2003-0051", "CVE-2003-0052", "CVE-2003-0053",
               "CVE-2003-0054", "CVE-2003-0055", "CVE-2003-1414");
 script_bugtraq_id(6954, 6955, 6956, 6957, 6958, 6960, 6990);
 
 script_name(english:"Apple QuickTime/Darwin Streaming Server Multiple Remote Vulnerabilities");

 script_set_attribute(attribute:"synopsis", value:
"The remote server is vulnerable to several flaws." );
 script_set_attribute(attribute:"description", value:
"The remote host is running Apple QuickTime Streaming Server.

There are multiple flaws in this version :

* Remote code execution vulnerability (by default with root privileges)
* 2 Cross-Site Scripting vulnerabilities
* Path Disclosure vulnerability
* Arbitrary Directory listing vulnerability 
* Buffer overflow in MP3 broadcasting module" );
 script_set_attribute(attribute:"see_also", value:"http://www.atstake.com/research/advisories/2003/a022403-1.txt" );
 script_set_attribute(attribute:"solution", value:
"Install patches from Apple or disable access to this service." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"metasploit_name", value:'QuickTime Streaming Server parse_xml.cgi Remote Execution');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_cwe_id(22);
 script_set_attribute(attribute:"plugin_publication_date", value: "2003/02/28");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/02/23");
 script_cvs_date("Date: 2018/07/26 13:32:42");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
 script_end_attributes();
 
 script_summary(english:"Checks QuickTime/Darwin server for parse_xml.cgi");
 
 script_category(ACT_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");

 script_dependencie("find_service1.nasl", "http_version.nasl","no404.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_ports("Services/www", 1220);
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


if ( thorough_tests )
{
 extra_list = make_list ("/AdminHTML");
}
else
  extra_list = NULL;

http_check_remote_code (
			default_port:1220,
			extra_dirs: extra_list,
			check_request:"/parse_xml.cgi?action=login&filename=frameset.html|id%00|",
			check_result:"uid=[0-9]+.*gid=[0-9]+.*",
			command:"id",
			xss: 1
			);