Vulners
Lucene search
Apache 1.3.14 Mac File Protection Bypass Vulnerability
source: http://www.securityfocus.com/bid/2852/info
A vulnerability exists when Apache webserver is used with Mac OS X Client.
The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result is that Apache will filter all file requests that match filters exactly (including case), but it will not filter requests made with mixed or upper case characters. Since HFS+ is case insensitive, these requests will result in the "filtered" files being disclosed.
The impact is that arbitrary privileged files may be disclosed to unprivileged remote users.
The following request will result in a 403 Forbidden as excpected:
GET /test/index.html
But the following request will happily serve the file:
GET /TeSt/index.html
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1