CVE-2004-1083 : Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case

Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.

Published 2004-12-03 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2004-1083

Apple » Mac Os X » Version: 10.2
cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.1
cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.2
cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.3
cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.4
cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.7
cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.8
cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.5
cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.2.6
cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3
cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.1
cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.2
cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.3
cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.4
cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.5
cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.3.6
cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2
cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.1
cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.3
cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.2
cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.4
cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.6
cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.5
cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3
cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.8
cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.1
cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.2
cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.2.7
cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.3
cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.4
cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.5
cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.3.6
cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
Matching versions
Apple » Darwin Streaming Server » Version: 4.1.3
cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Darwin Streaming Server » Version: 5.0.1
cpe:2.3:a:apple:darwin_streaming_server:5.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Quicktime Streaming Server » Version: 4.1.1
cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2004-1083

Top countries where our scanners detected CVE-2004-1083

Top open port discovered on systems with this issue 80

IPs affected by CVE-2004-1083 6

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2004-1083!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2004-1083

EPSS FAQ

1.91%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-1083

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST	2024-02-08
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2004-1083

CWE-178 Improper Handling of Case Sensitivity

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2004-1083

http://secunia.com/advisories/13362/

About Secunia Research | Flexera
Broken Link;Patch;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/18348

Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure CVE-2004-1083 Vulnerability Report
Third Party Advisory;VDB Entry
http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html

Mailing List;Patch

CVEs referencing this url
http://www.ciac.org/ciac/bulletins/p-049.shtml

Broken Link;Patch;Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

Mailing List

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

Mailing List

CVEs referencing this url
http://www.securityfocus.com/bid/11802

Broken Link;Third Party Advisory;VDB Entry

CVEs referencing this url