Apache on Mac OS X HFS+ Arbitrary File Source Disclosure

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by an information disclosure
vulnerability.

Description :

The remote host seems to be running Mac OS X or Mac OS X Server.

There is a flaw in the remote web server that allows an attacker to
obtain the source code of any given file on the remote web server by
reading it through its data fork directly. An attacker may exploit
this flaw to obtain the source code of remote scripts.

Solution :

Install the latest Apple Security Patches.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 15927 (hfs_fork_source.nasl)

Bugtraq ID: 11802

CVE ID: CVE-2004-1083, CVE-2004-1084