medium
5
CWE
NVD-CWE-Other
Advisory Published
CVE Published
Updated

CVE-2004-1084

First published: Thu Dec 02 2004(Updated: )

Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Apple Quicktime Streaming Server=4.1.1
Apple Darwin=5.0.1
Apple Darwin=4.1.3
Apple Mac OS X Server=10.3.2
macOS Yosemite=10.2.5
Apple Mac OS X Server=10.2.2
macOS Yosemite=10.2.7
macOS Yosemite=10.2.8
Apple Mac OS X Server=10.2.4
macOS Yosemite=10.2.1
Apple Mac OS X Server=10.3.5
macOS Yosemite=10.3.1
macOS Yosemite=10.3.5
Apple Mac OS X Server=10.3.3
Apple Mac OS X Server=10.2.7
Apple Mac OS X Server=10.2.3
macOS Yosemite=10.2.4
Apple Mac OS X Server=10.3.4
macOS Yosemite=10.3.2
macOS Yosemite=10.2.2
Apple Mac OS X Server=10.2.5
macOS Yosemite=10.3.6
Apple Mac OS X Server=10.3
Apple Mac OS X Server=10.2.6
Apple Mac OS X Server=10.2
Apple Mac OS X Server=10.2.1
Apple Mac OS X Server=10.3.1
macOS Yosemite=10.3.4
macOS Yosemite=10.3.3
macOS Yosemite=10.2.6
macOS Yosemite=10.2.3
Apple Mac OS X Server=10.2.8
macOS Yosemite=10.2
macOS Yosemite=10.3
Apple Mac OS X Server=10.3.6

Remedy

http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html

Remedy

http://secunia.com/advisories/13362/

Remedy

http://www.ciac.org/ciac/bulletins/p-049.shtml

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2004-1084?

    CVE-2004-1084 is considered to have moderate severity as it allows remote attackers access to sensitive files.

  • How do I fix CVE-2004-1084?

    To fix CVE-2004-1084, upgrade Apache to the version that addresses this vulnerability as recommended in the security announcements.

  • Which versions are affected by CVE-2004-1084?

    CVE-2004-1084 affects Apache on Apple Mac OS X versions 10.2.8 and 10.3.6.

  • What type of access does CVE-2004-1084 allow?

    CVE-2004-1084 allows remote attackers to read files and resource fork content via specific HTTP requests.

  • Is there a workaround for CVE-2004-1084?

    A potential workaround for CVE-2004-1084 includes limiting access to sensitive files through configuration changes in Apache.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203