Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

It is possible to get the list of files present in the remote directory.

Description :

It is possible to read a '.DS_Store' file on the remote web server.

This file is created by the Mac OS X Finder. It is used to remember the
positions of icons on the desktop, among other things, and contains the
list of files and directories present in the remote directory.

Note that deleted files may still be present in this .DS_Store file.

See also :

http://support.apple.com/kb/HT1629
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16831&sliceId=2
http://www.greci.cc/?p=10

Solution :

- Configure your web server so as to prevent the download of .DS_Store files
- Mac OS X users should configure their workstation to disable the creation
of .DS_Store files on network shares.
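
As a complement to the two measures above, the document root can be checked for .DS_Store files before it is published. The following is an added example, not part of the Nessus plugin; the function names are hypothetical, and the directory to check is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the plugin): audit a web document root for
# Finder metadata files before the content is served.
# Function names are hypothetical; the docroot path is supplied by the caller.

# List every .DS_Store file under directory $1, one path per line.
# -iname matches case-insensitively, because the file may have been
# created on a case-insensitive macOS volume.
ds_store_list() {
    find "$1" -type f -iname '.DS_Store' -print
}

# Print the number of .DS_Store files under directory $1.
ds_store_count() {
    ds_store_list "$1" | wc -l | tr -d ' '
}

# Deployment gate: return 0 when the tree is clean, 1 otherwise.
# Offending paths are written to stderr so a CI log shows what to remove.
ds_store_audit() {
    n=$(ds_store_count "$1")
    if [ "$n" -gt 0 ]; then
        echo "found $n .DS_Store file(s) under $1:" >&2
        ds_store_list "$1" >&2
        return 1
    fi
    return 0
}

# Delete every .DS_Store file under directory $1.
# This does not replace the web server rule: Finder recreates the file
# the next time the folder is browsed on a Mac.
ds_store_purge() {
    find "$1" -type f -iname '.DS_Store' -exec rm -f {} +
}

# Workstation side, per the Apple article listed under "See also":
#   defaults write com.apple.desktopservices DSDontWriteNetworkStores true

# When invoked with a directory argument, act as the gate.
[ "$#" -eq 0 ] || ds_store_audit "$1"
```

A non-zero exit status means at least one .DS_Store file would be published; run ds_store_purge on the tree or fix the upload process, then re-run the audit.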

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.2
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 10756

Bugtraq ID: 3316, 3325

CVE ID: CVE-2001-1446