CVE-2004-1083

CWE-1785 documents4 sources

Severity

7.5HIGH

EPSS

1.9%

top 16.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

Apple Darwin Streaming Server Apple MAC OS X Apple MAC OS X Server +1 more

Timeline

PublishedDec 3

Latest updateApr 29

Description

Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDapple/mac_os_x16 versions+15

▶NVDapple/mac_os_x_server16 versions+15

▶NVDapple/darwin_streaming_server4.1.3, 5.0.1+1

▶NVDapple/quicktime_streaming_server4.1.1

Patches

Patch: lists.apple.com ↗Patch: secunia.com ↗Patch: www.ciac.org ↗

🔴Vulnerability Details

2

GHSA

GHSA-q8p7-6fhh-3h44: Apache for Apple Mac OS X 10↗2022-04-29

▶

CVEList

CVE-2004-1083: Apache for Apple Mac OS X 10↗2005-04-14

▶

💥Exploits & PoCs

2

Exploit-DB

Monit 4.1 - Remote Buffer Overflow↗2004-04-09

▶

Exploit-DB

Monit 1.4/2.x/3/4 - 'HTTP Request' Buffer Overrun↗2003-11-24

▶