Apache on Mac OS X HFS+ Arbitrary File Source Disclosure

Medium Nessus Plugin ID 15927


The remote web server is affected by an information disclosure vulnerability.


The remote host seems to be running Mac OS X or Mac OS X Server.

There is a flaw in the remote web server that allows an attacker to obtain the source code of any given file on the remote web server by reading it through its data fork directly. An attacker may exploit this flaw to obtain the source code of remote scripts.


Install the latest Apple Security Patches.

Plugin Details

Severity: Medium

ID: 15927

File Name: hfs_fork_source.nasl

Version: $Revision: 1.26 $

Type: remote

Family: Web Servers

Published: 2004/12/09

Modified: 2016/05/11

Dependencies: 10107, 11936

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/12/02

Reference Information

CVE: CVE-2004-1083, CVE-2004-1084

BID: 11802

OSVDB: 12192, 12193