Cross-site scripting, buffer overflow and remote command execution vulnerabilities in the QuickTime/Darwin Streaming Administration Server. They are due to parsing problems in the Perl script parse_xml.cgi. The worst of these vulnerabilities allows remote command execution, usually as root or administrator. These servers are installed by default on port 1220. See: http://www.atstake.com/research/advisories/2003/a022403-1.txt
Obtain a patch or new software from Apple, or block this port (TCP 1220) from internet access.
*** OVS reports this vulnerability using only information that was gathered. Only the existence of the potentially vulnerable CGI script was tested.
CVE: CVE-2003-0050, CVE-2003-0051, CVE-2003-0052, CVE-2003-0053, CVE-2003-0054, CVE-2003-0055
CVSS Base Score: 7.5