| Field | Value |
|---|---|
| VID | 22162 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The Apache web server shipped with MacOS X client discloses the contents of web directories. The issue occurs when the Apache 1.3.14 web server runs on MacOS X client, because MacOS X's default filesystem, Apple's HFS+, is case insensitive: it treats the names "ANY_file" and "any_FILE" as the same file. Apache's file access protection (request filtering), however, assumes that the protected filesystem is case sensitive, so its access directives, including `<Directory>`, `<Files>` and `<Location>`, cannot reliably control access to files or directories whose requested names differ in case from the configured names. The MacOS X Finder creates an invisible file, ".DS_Store", in each directory, containing a list of the files in that directory. A remote attacker can obtain the contents of a directory by requesting a URL with the relative path of a ".DS_Store" file in any letter case. For example, when the server receives the URL http://apache_server/target_directory/.ds_store, it returns the file, which reveals the contents of "target_directory". Using this vulnerability, a remote attacker can obtain sensitive data and use it to mount further attacks against the target server. |
| Platforms Affected | Apache 1.3.14 server used with the following MacOS versions: Apple MacOS X 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4 |
| Recommendation | Upgrade to MacOS X 10.1 or later from Apple's web site, http://docs.info.apple.com/article.html?artnum=75295. At the time of writing, the latest version, MacOS X 10.2.3, was released on Dec. 19, 2002. As a workaround, use a `<FilesMatch>` directive in httpd.conf to forbid retrieval of this file: `<FilesMatch "^\.[Dd][Ss]_[Ss]"> Order allow,deny Deny from all </FilesMatch>` |
| Related URL | CVE-2001-1446 (CVE) |
| Related URL | 3316, 3324, 3325 (SecurityFocus) |
| Related URL | 7103 (ISS) |
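An added detection example, not part of the advisory: it applies the workaround's `<FilesMatch>` pattern to the basename of each request in an Apache access log, so an administrator can find ".DS_Store" requests in any letter case and see from the status code whether the server actually served the file. The log lines are constructed for the example.

```python
import re
from urllib.parse import unquote

# The <FilesMatch> pattern from the advisory's workaround. Apache tests it
# against the final path component, so we apply it to the basename only.
FILESMATCH_DS_STORE = re.compile(r"^\.[Dd][Ss]_[Ss]")

# Apache common log format: host ident user [time] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def filesmatch_blocks(path: str) -> bool:
    """True if the workaround's <FilesMatch> pattern would catch this request.

    The basename is percent-decoded first, because Apache matches the
    directive against the decoded filename, not the raw request line.
    """
    basename = unquote(path.split("?", 1)[0]).rstrip("/").rsplit("/", 1)[-1]
    return FILESMATCH_DS_STORE.match(basename) is not None


def find_ds_store_requests(log_lines):
    """Return (host, path, status) for every .DS_Store request, any case.

    A 200 status means the case-insensitive HFS+ lookup found the file and
    no directive blocked it: the directory listing was disclosed.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and filesmatch_blocks(m.group("path")):
            hits.append((m.group("host"), m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Dec/2002:10:00:01 -0500] "GET /target_directory/.ds_store HTTP/1.0" 200 6148',
    '10.0.0.5 - - [19/Dec/2002:10:00:02 -0500] "GET /images/.DS_Store HTTP/1.0" 403 281',
    '10.0.0.7 - - [19/Dec/2002:10:00:03 -0500] "GET /index.html HTTP/1.0" 200 1342',
]

if __name__ == "__main__":
    for host, path, status in find_ds_store_requests(SAMPLE_LOG):
        verdict = "DISCLOSED" if status == 200 else "blocked"
        print(f"{verdict}: {host} requested {path} (HTTP {status})")
```

A 200 on any reported line means the `<FilesMatch>` workaround is missing or not applied to that directory.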