CVE-2004-1084

Description

Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.

Affected products

Apple / darwin_streaming_server5.0.1 – 5.0.1
Apple / darwin_streaming_server4.1.3 – 4.1.3
Apple / mac_os_x10.2.1 – 10.2.1
Apple / mac_os_x10.2.2 – 10.2.2
Apple / mac_os_x10.2.3 – 10.2.3
Apple / mac_os_x10.2.4 – 10.2.4
Apple / mac_os_x10.2.5 – 10.2.5
Apple / mac_os_x10.2.6 – 10.2.6
Apple / mac_os_x10.2.7 – 10.2.7
Apple / mac_os_x10.2.8 – 10.2.8
Apple / mac_os_x10.3 – 10.3
Apple / mac_os_x10.3.1 – 10.3.1
Apple / mac_os_x10.3.2 – 10.3.2
Apple / mac_os_x10.3.3 – 10.3.3
Apple / mac_os_x10.3.4 – 10.3.4
Apple / mac_os_x10.3.5 – 10.3.5
Apple / mac_os_x10.2 – 10.2
Apple / mac_os_x10.3.6 – 10.3.6
Apple / mac_os_x_server10.3.6 – 10.3.6
Apple / mac_os_x_server10.2 – 10.2
Apple / mac_os_x_server10.2.1 – 10.2.1
Apple / mac_os_x_server10.2.2 – 10.2.2
Apple / mac_os_x_server10.2.3 – 10.2.3
Apple / mac_os_x_server10.2.4 – 10.2.4
Apple / mac_os_x_server10.2.5 – 10.2.5
Apple / mac_os_x_server10.2.6 – 10.2.6
Apple / mac_os_x_server10.2.7 – 10.2.7
Apple / mac_os_x_server10.2.8 – 10.2.8
Apple / mac_os_x_server10.3 – 10.3
Apple / mac_os_x_server10.3.1 – 10.3.1
Apple / mac_os_x_server10.3.2 – 10.3.2
Apple / mac_os_x_server10.3.3 – 10.3.3
Apple / mac_os_x_server10.3.4 – 10.3.4
Apple / mac_os_x_server10.3.5 – 10.3.5
Apple / quicktime_streaming_server4.1.1 – 4.1.1

Description

Affected products

References