Apple QuickTime Server < 4.1.3 Multiple Vulnerabilities (deprecated)

medium Nessus Network Monitor Plugin ID 2762

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running the Apple QuickTime Streaming Server. This version is vulnerable to an information disclosure bug: the parse_xml.cgi script can be coerced into revealing local system information (path, file name, and more). Such information can aid an attacker in more sophisticated attacks. A second flaw would allow an attacker to run arbitrary code on the remote server: malformed requests are not properly parsed before being logged, so when the logs are viewed by a local user, code could be executed with the permissions of the user reading the logs (typically an administrator). The remote server is also reported prone to a remote Cross-Site Scripting (XSS) flaw. An attacker exploiting this flaw would need to convince a user to browse to a malicious URI. Successful exploitation would result in the theft of confidential data (cookies, authentication materials, and more).

Solution

Upgrade to version 4.1.3 or higher.

Plugin Details

Severity: Medium

ID: 2762

Family: Generic

Published: 3/24/2005

Updated: 9/16/2018

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitable With

Metasploit (QuickTime Streaming Server parse_xml.cgi Remote Execution)

Reference Information

CVE: CVE-2003-0050, CVE-2003-0051, CVE-2003-0052, CVE-2003-0053, CVE-2003-0054, CVE-2003-0055, CVE-2003-1413, CVE-2003-1414

BID: 6954, 6990, 6960, 6956, 6957, 6955, 6958, 6992