Signature Detail
Short Name |
HTTP:INFO-LEAK:DS-STORE |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Apple Macintosh OS X .DS_Store directory Listing |
Release Date |
2005/01/07 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apple Macintosh OS X .DS_Store directory Listing
This signature detects attempts to access the .DS_Store file on a web server. This file contains sensitive information including system configuration, installed applications, etc.
Extended Description
A vulnerability has been found in certain configurations of Macintosh OS X. A remote attacker may read obtain web directory content information by submitting a URL to the vulnerable host's web service of the following form: http://www.example.com/target_directory/.DS_store. This information could provide an attacker with sensitive information including system configuration, installed applications, etc. Properly exploited, this information could allow an attacker to further compromise the security of the host.
Affected Products
- Apple Mac OS X 10.0.0
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.4
References
- BugTraq: 3324
- CVE: CVE-2004-1082
- URL: http://docs.info.apple.com/article.html?artnum=61798
- URL: http://www.kb.cert.org/vuls/id/177243