Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbStefan ArentzEDB-ID:20911
HistoryJun 10, 2001 - 12:00 a.m.

Apache 1.3.14 - Mac File Protection Bypass

2001-06-1000:00:00
Stefan Arentz
www.exploit-db.com
17

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/2852/info

A vulnerability exists when Apache webserver is used with Mac OS X Client.

The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result is that Apache will filter all file requests that match filters exactly (including case), but it will not filter requests made with mixed or upper case characters. Since HFS+ is case insensitive, these requests will result in the "filtered" files being disclosed.

The impact is that arbitrary privileged files may be disclosed to unprivileged remote users. 

The following request will result in a 403 Forbidden as excpected:

GET /test/index.html

But the following request will happily serve the file:

GET /TeSt/index.html

Related

cve 1
cert 1
nvd 1
cvelist 1
cve
cve
CVE-2001-0766
2001-10-18 04:00:00
cert
cert
Apache web server performs case sensitive filtering on Mac OS X HFS+ case insensitive filesystem
2001-09-28 00:00:00
nvd
nvd
CVE-2001-0766
2001-10-18 04:00:00
cvelist
cvelist
CVE-2001-0766
2001-10-12 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:20911
cve1cert1nvd1cvelist1