VAR-200109-0134
Vulnerability from variot - Updated: 2025-04-03 22:19Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. The Apache (1.3.14) web server's file access protection scheme can be bypassed for the Mac OS X HFS+ filesystem. Mac OS X's Find-By-Content indexing may store file data where it can be served to remote users by Apache. Requesting a URL with the relative path of a '.DS_Store' file, will reveal the contents of the requested directory. This vulnerability could be used in conjunction with a previously discovered issue (BID 2852), which causes files to be arbitrarily disclosed through mixed case file requests. A remote attacker may read the indexed contents of files by submitting a URL to the vulnerable host's web service of the following form: http://www.example.com/target_directory/.FBCIndex. This information could provide an attacker with sensitive information including potential passwords useful in dictionary attacks, system configuration, installed applications, etc. Properly exploited, this information could allow an attacker to further compromise the security of the host
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200109-0134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "apple computer",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.0.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "mac",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.14"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#439395"
},
{
"db": "CERT/CC",
"id": "VU#177243"
},
{
"db": "BID",
"id": "3316"
},
{
"db": "BID",
"id": "3325"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-036"
},
{
"db": "NVD",
"id": "CVE-2001-1446"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported to bugtraq by Eric Bennett \u003cemb22@cornell.edu\u003e on September 10, 2001.",
"sources": [
{
"db": "BID",
"id": "3325"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-036"
}
],
"trust": 0.9
},
"cve": "CVE-2001-1446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-1446",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4250",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-1446",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#439395",
"trust": 0.8,
"value": "3.60"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#177243",
"trust": 0.8,
"value": "11.25"
},
{
"author": "CNNVD",
"id": "CNNVD-200109-036",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4250",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#439395"
},
{
"db": "CERT/CC",
"id": "VU#177243"
},
{
"db": "VULHUB",
"id": "VHN-4250"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-036"
},
{
"db": "NVD",
"id": "CVE-2001-1446"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. The Apache (1.3.14) web server\u0027s file access protection scheme can be bypassed for the Mac OS X HFS+ filesystem. Mac OS X\u0027s Find-By-Content indexing may store file data where it can be served to remote users by Apache. Requesting a URL with the relative path of a \u0027.DS_Store\u0027 file, will reveal the contents of the requested directory. \nThis vulnerability could be used in conjunction with a previously discovered issue (BID 2852), which causes files to be arbitrarily disclosed through mixed case file requests. \nA remote attacker may read the indexed contents of files by submitting a URL to the vulnerable host\u0027s web service of the following form:\nhttp://www.example.com/target_directory/.FBCIndex. \nThis information could provide an attacker with sensitive information including potential passwords useful in dictionary attacks, system configuration, installed applications, etc. Properly exploited, this information could allow an attacker to further compromise the security of the host",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1446"
},
{
"db": "CERT/CC",
"id": "VU#439395"
},
{
"db": "CERT/CC",
"id": "VU#177243"
},
{
"db": "BID",
"id": "3316"
},
{
"db": "BID",
"id": "3325"
},
{
"db": "VULHUB",
"id": "VHN-4250"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3325",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#177243",
"trust": 2.8
},
{
"db": "BID",
"id": "3316",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2001-1446",
"trust": 1.7
},
{
"db": "BID",
"id": "2852",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#439395",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200109-036",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20010910 RE: MORE SECURITY PROBLEMS IN APACHE ON MAC OS X",
"trust": 0.6
},
{
"db": "XF",
"id": "7103",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4250",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#439395"
},
{
"db": "CERT/CC",
"id": "VU#177243"
},
{
"db": "VULHUB",
"id": "VHN-4250"
},
{
"db": "BID",
"id": "3316"
},
{
"db": "BID",
"id": "3325"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-036"
},
{
"db": "NVD",
"id": "CVE-2001-1446"
}
]
},
"id": "VAR-200109-0134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4250"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:19:28.222000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/3325"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/177243"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0085.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/3316"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7103"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2852"
},
{
"trust": 0.8,
"url": "http://www.apple.com/downloads/macosx/apple/websharingupdate.html"
},
{
"trust": 0.8,
"url": "http://www.macintouch.com/mosxreaderreports43"
},
{
"trust": 0.8,
"url": "http://httpd.apache.org/docs/mod/core.html#directory"
},
{
"trust": 0.8,
"url": "http://httpd.apache.org/docs/misc/security_tips.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/7103"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/vdb/bottom.html?vid=2852"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/svim-53nukh"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#439395"
},
{
"db": "CERT/CC",
"id": "VU#177243"
},
{
"db": "VULHUB",
"id": "VHN-4250"
},
{
"db": "BID",
"id": "3316"
},
{
"db": "BID",
"id": "3325"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-036"
},
{
"db": "NVD",
"id": "CVE-2001-1446"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#439395"
},
{
"db": "CERT/CC",
"id": "VU#177243"
},
{
"db": "VULHUB",
"id": "VHN-4250"
},
{
"db": "BID",
"id": "3316"
},
{
"db": "BID",
"id": "3325"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-036"
},
{
"db": "NVD",
"id": "CVE-2001-1446"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#439395"
},
{
"date": "2002-08-05T00:00:00",
"db": "CERT/CC",
"id": "VU#177243"
},
{
"date": "2001-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-4250"
},
{
"date": "2001-09-10T00:00:00",
"db": "BID",
"id": "3316"
},
{
"date": "2001-09-11T00:00:00",
"db": "BID",
"id": "3325"
},
{
"date": "2001-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200109-036"
},
{
"date": "2001-09-11T04:00:00",
"db": "NVD",
"id": "CVE-2001-1446"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-02T00:00:00",
"db": "CERT/CC",
"id": "VU#439395"
},
{
"date": "2005-03-28T00:00:00",
"db": "CERT/CC",
"id": "VU#177243"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-4250"
},
{
"date": "2001-09-10T00:00:00",
"db": "BID",
"id": "3316"
},
{
"date": "2001-09-11T00:00:00",
"db": "BID",
"id": "3325"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200109-036"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-1446"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "3316"
},
{
"db": "BID",
"id": "3325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache web server performs case sensitive filtering on Mac OS X HFS+ case insensitive filesystem",
"sources": [
{
"db": "CERT/CC",
"id": "VU#439395"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200109-036"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…