Apple QuickTime/Darwin Streaming Server parse_xml.cgi File Disclosure Vulnerability

Apple QuickTime/Darwin Streaming Server parse_xml.cgi File Disclosure Vulnerability

A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server. The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Information obtained in this manner may be used by an attacker to launch more organinzed attacks against a vulnerable system.

This vulnerability was tested on SS for Microsoft Windows systems.