CVE-2003-0054

Name of the Vulnerable Software and Affected Versions Apple Darwin Streaming Administration Server version 4.1.2 Apple QuickTime Streaming Server version 4.1.1

Description The issue allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method. This script is inserted into a log file and executed when the log is viewed using a browser.

Recommendations For Apple Darwin Streaming Administration Server version 4.1.2, consider restricting access to port 7070 to minimize the risk of exploitation. For Apple QuickTime Streaming Server version 4.1.1, avoid using the rtsp DESCRIBE method with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.