← Back

CVE-2004-1083

nvd nist
Published: Dec 3, 2004Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.

Affected (35)

Apple
4 products
Darwin Streaming Server
Quicktime Streaming Server
Mac Os X
Mac Os X Server
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Darwin Streaming Server
Version 4.1.3
Darwin Streaming Server
Version 5.0.1
Quicktime Streaming Server
Version 4.1.1
Configuration B
32 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Mac Os X
Version 10.2.1
Mac Os X
Version 10.2.2
Mac Os X
Version 10.2.3
Mac Os X
Version 10.2.4
Mac Os X
Version 10.2.5
Mac Os X
Version 10.2.6
Mac Os X
Version 10.2.7
Mac Os X
Version 10.2.8
Mac Os X
Version 10.2
Mac Os X
Version 10.3.1
Mac Os X
Version 10.3.2
Mac Os X
Version 10.3.3
Mac Os X
Version 10.3.4
Mac Os X
Version 10.3.5
Mac Os X
Version 10.3.6
Mac Os X
Version 10.3
Apple
Mac Os X Server
Version 10.2.1
Mac Os X Server
Version 10.2.2
Mac Os X Server
Version 10.2.3
Mac Os X Server
Version 10.2.4
Mac Os X Server
Version 10.2.5
Mac Os X Server
Version 10.2.6
Mac Os X Server
Version 10.2.7
Mac Os X Server
Version 10.2.8
Mac Os X Server
Version 10.2
Mac Os X Server
Version 10.3.1
Mac Os X Server
Version 10.3.2
Mac Os X Server
Version 10.3.3
Mac Os X Server
Version 10.3.4
Mac Os X Server
Version 10.3.5
Mac Os X Server
Version 10.3.6
Mac Os X Server
Version 10.3

Related CWEs

CWE-178
Improper Handling of Case Sensitivity
The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

References (14)

Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Broken LinkPatchVendor Advisory
Source: cve@mitre.org
Broken LinkPatchVendor Advisory
Source: cve@mitre.org
Broken LinkThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.