Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Darwin_streaming_server | Apple | 4.1.3 (including) | 4.1.3 (including) |