CVE-2004-1083

HIGH

Apache for Apple Mac OS X 10.2.8-10.3.6 - Info Disclosure

Title source: llm

Description

Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.

References (7)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/11802

[Broken Link, Patch, Vendor Advisory] http://secunia.com/advisories/13362/

[Mailing List] http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

[Mailing List, Patch] http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18348

[Mailing List] http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

[Broken Link, Patch, Vendor Advisory] http://www.ciac.org/ciac/bulletins/p-049.shtml

Scores

CVSS v3 7.5

EPSS 0.0191

EPSS Percentile 83.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-178

Status published

Products (35)

apple/darwin_streaming_server 4.1.3

apple/darwin_streaming_server 5.0.1

apple/mac_os_x 10.2

apple/mac_os_x 10.2.1

apple/mac_os_x 10.2.2

apple/mac_os_x 10.2.3

apple/mac_os_x 10.2.4

apple/mac_os_x 10.2.5

apple/mac_os_x 10.2.6

apple/mac_os_x 10.2.7

... and 25 more

Published Dec 03, 2004

Tracked Since Feb 18, 2026