• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

Apple QuickTime/Darwin Streaming Server parse_xml.cgi Remote Path Disclosure Vulnerability

A problem with the QuickTime Streaming Administration Server could make it possible for a remote user to gain potentially sensitive system information.

It has been reported that the 'parse_xml.cgi' application used by QuickTime Streaming Administration Server may return information to users that is sensitive in nature. Under some circumstances, it may be possible to reveal the physical path that the vulnerable server is installed too. Access to this information may aid in launching more organized attacks against system resources.

This vulnerability was originally described in BID 6932 "Multiple Remote
QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is
now being assigned a separate BID.