{"vuid":"VU#460350","idnumber":"460350","name":"Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests","keywords":["Apple","Quicktime/Darwin Streaming Server","DoS","DESCRIBE","User-Agent","CommonUtilitiesLib","StringFormatter.h"],"overview":"Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition.","clean_desc":"Apple's QuickTime and Darwin Streaming Server is software which provides integrated distribution of various forms of digital content. Such content can be delivered over a network using Real-Time Transport Protocol (RTP) and Real-Time Streaming Protocol (RTSP). The RTSP provides a DESCRIBE method which according to RFC 2326 \"retrieves the description of a presentation or media object identified by the request URL from a server. It may use the Accept header to specify the description formats that the client understands. The server responds with a description of the requested resource. The DESCRIBE reply-response pair constitutes the media initialization phase of RTSP.\" There is a vulnerability in the way the Quicktime/Darwin Streaming Server parses DESCRIBE requests containing specially crafted User-Agent fields. An attacker could exploit this vulnerability by sending a DESCRIBE request containing an overly large User-Agent field.","impact":"An unauthenticated, remote attacker could prevent legitimate users from accessing the streamed content.","resolution":"Apply Patch\nApple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Update 2004-02-23).","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by iDefense.","author":"This document was written by Damon Morda.","public":["http://www.idefense.com/application/poi/display?id=75","http://www.apple.com/support/security/security_updates.html","http://www.ietf.org/rfc/rfc2326.txt"],"cveids":["CVE-2004-0169"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-02-24T18:29:18Z","publicdate":"2004-02-24T00:00:00Z","datefirstpublished":"2004-02-25T18:29:58Z","dateupdated":"2004-03-15T13:49:36Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"8","cam_impact":"3","cam_easeofexploitation":"10","cam_attackeraccessrequired":"17","cam_scorecurrent":"1.683","cam_scorecurrentwidelyknown":"2.0655","cam_scorecurrentwidelyknownexploited":"3.5955","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.683,"vulnote":null}