CVE-2003-1413

CVE Database · CVE-2003-1413

CVE-2003-1413

· N/AModified

CVSS v3.1

N/A

EPSS

1.21%

Published

Dec 31, 2003

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.

Weaknesses (CWE)

CWE-22

Affected Products (2)

apple · darwin_streaming_servervulnerable

apple · quicktime_streaming_servervulnerable

References (8)

http://securityreason.com/securityalert/3260

http://www.securityfocus.com/archive/1/313517

http://www.securityfocus.com/bid/6992

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/11445

http://securityreason.com/securityalert/3260

http://www.securityfocus.com/archive/1/313517

http://www.securityfocus.com/bid/6992

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/11445

KEV Catalog EPSS Scores Vendors All CVEs