Apple QuickTime < 4.1.4 Directory Traversal, Denial of Service, and Script Disclosure Vulnerabilities (deprecated)

Medium Nessus Network Monitor Plugin ID 2763

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running the Apple QuickTime Streaming Server (QTSS). This version is vulnerable to a remote directory traversal flaw; an attacker exploiting it would be able to access data outside of the web root. In addition, several remote denial of service (DoS) flaws have been reported in this version of QTSS. Finally, this version of QTSS has been reported prone to script disclosure attacks, which would allow an attacker to read script source code. This could lead to more sophisticated attacks.

Solution

Upgrade to Apple QuickTime Server 4.1.4 or higher.

Plugin Details

Severity: Medium

ID: 2763

File Name: 2763.prm

Family: Generic

Published: 2005/03/24

Modified: 2015/06/01

Dependencies: 2761

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 8.5

Temporal Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C

Temporal Vector: CVSS2#E:H/RL:U/RC:C

Reference Information

CVE: CVE-2003-0424, CVE-2003-0423, CVE-2003-0425, CVE-2003-0422, CVE-2004-0169

BID: 8260, 7659, 8256, 8258, 8257, 9735

OSVDB: 6826, 6837