Lucene search

[email protected]CVE-2004-1083

HistoryDec 03, 2004 - 5:00 a.m.

CVE-2004-1083

2004-12-0305:00:00

CWE-178

[email protected]

web.nvd.nist.gov

apache

mac os x

security vulnerability

case sensitivity

remote attack

nvd

cve-2004-1083

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.064 Low

EPSS

Percentile

93.7%

JSON

Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with “.ht” using alternate capitalization.

CPENameOperatorVersion
apple:quicktime_streaming_serverapple quicktime streaming servereq4.1.1
apple:darwin_streaming_serverapple darwin streaming servereq5.0.1
apple:darwin_streaming_serverapple darwin streaming servereq4.1.3
apple:mac_os_x_serverapple mac os x servereq10.3.2
apple:mac_os_xapple mac os xeq10.2.5
apple:mac_os_x_serverapple mac os x servereq10.2.2
apple:mac_os_xapple mac os xeq10.2.7
apple:mac_os_xapple mac os xeq10.2.8
apple:mac_os_x_serverapple mac os x servereq10.2.4
apple:mac_os_xapple mac os xeq10.2.1

CPE	Name	Operator	Version
apple:quicktime_streaming_server	apple quicktime streaming server	eq	4.1.1
apple:darwin_streaming_server	apple darwin streaming server	eq	5.0.1
apple:darwin_streaming_server	apple darwin streaming server	eq	4.1.3
apple:mac_os_x_server	apple mac os x server	eq	10.3.2
apple:mac_os_x	apple mac os x	eq	10.2.5
apple:mac_os_x_server	apple mac os x server	eq	10.2.2
apple:mac_os_x	apple mac os x	eq	10.2.7
apple:mac_os_x	apple mac os x	eq	10.2.8
apple:mac_os_x_server	apple mac os x server	eq	10.2.4
apple:mac_os_x	apple mac os x	eq	10.2.1

Rows per page:

1-10 of 351

References

lists.apple.com/archives/security-announce/2004/Dec/msg00000.html

lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

secunia.com/advisories/13362/

www.ciac.org/ciac/bulletins/p-049.shtml

www.securityfocus.com/bid/11802

exchange.xforce.ibmcloud.com/vulnerabilities/18348

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.064 Low

EPSS

Percentile

93.7%

JSON

Related for CVE-2004-1083

cvelist1 nessus5