2004-09-01 04:00:00
mitre
PUBLISHED
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the servers installation path via a NULL file parameter.