HTTP: Apple Macintosh OS X .DS_Store directory Listing
This signature detects attempts to access the .DS_Store file on a web server. This file contains sensitive information including system configuration, installed applications, etc.
Extended Description
A vulnerability has been found in certain configurations of Macintosh OS X. A remote attacker may read obtain web directory content information by submitting a URL to the vulnerable host's web service of the following form: http://www.example.com/target_directory/.DS_store. This information could provide an attacker with sensitive information including system configuration, installed applications, etc. Properly exploited, this information could allow an attacker to further compromise the security of the host.
Affected Products
Apple mac_os_x
References
BugTraq: 3324
CVE: CVE-2004-1082
URL: http://docs.info.apple.com/article.html?artnum=61798 http://www.kb.cert.org/vuls/id/177243
Short Name
HTTP:INFO-LEAK:DS-STORE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
.DS_Store Apple CVE-2004-1082 Listing Macintosh OS X bid:3324 directory
Release Date
01/08/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Apple
CVSS Score
7.5