Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Nov 2024, 23:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html - Mailing List, Patch | |
References | () http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html - Mailing List | |
References | () http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html - Mailing List | |
References | () http://secunia.com/advisories/13362/ - Broken Link, Patch, Vendor Advisory | |
References | () http://www.ciac.org/ciac/bulletins/p-049.shtml - Broken Link, Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/11802 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/18348 - Third Party Advisory, VDB Entry |
08 Feb 2024, 02:09
Type | Values Removed | Values Added |
---|---|---|
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18348 - Third Party Advisory, VDB Entry | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html - Mailing List | |
References | (CIAC) http://www.ciac.org/ciac/bulletins/p-049.shtml - Broken Link, Patch, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/11802 - Broken Link, Third Party Advisory, VDB Entry | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html - Mailing List | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html - Mailing List, Patch | |
References | (SECUNIA) http://secunia.com/advisories/13362/ - Broken Link, Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-178 |
Information
Published : 2004-12-03 05:00
Updated : 2024-11-20 23:50
NVD link : CVE-2004-1083
Mitre link : CVE-2004-1083
CVE.ORG link : CVE-2004-1083
JSON object : View
Products Affected
apple
- mac_os_x
- quicktime_streaming_server
- darwin_streaming_server
- mac_os_x_server
CWE
CWE-178
Improper Handling of Case Sensitivity