Vulnerabilities > CVE-2005-2195 - Denial-Of-Service vulnerability in Darwin Streaming Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

apple

NVD

Published: 2005-07-18

Updated: 2016-10-18

Summary

Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502.

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Darwin Streaming Server - Apple Darwin Streaming Server 4.1 Apple Darwin Streaming Server 4.1.2 Apple Darwin Streaming Server 4.1.3 Apple Darwin Streaming Server 4.1.3G Apple Darwin Streaming Server 5.0.0 Apple Darwin Streaming Server 5.0.1 Apple Darwin Streaming Server 5.5	9

References

http://marc.info/?l=bugtraq&m=112126999514361&w=2
http://secunia.com/advisories/16056
http://securitytracker.com/id?1014474
http://secway.org/Advisory/AD20050713.txt