CVE-2001-0766
CVSS7.5
发布时间 :2001-10-18 00:00:00
修订时间 :2008-09-05 16:24:52
NMCOES    

[原文]Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.


[CNNVD]MacOS X Client Apache文件保护绕过漏洞(CNNVD-200110-057)

        CVE(CAN) ID: CAN-2001-0766
        
        
        
        当使用MacOS X Client访问Apache服务器时存在安全漏洞。MacOS X的标准文件系统是
        
        HFS+,它对大小写是不敏感的,而Apache对大小写的过滤是大小写敏感的。
        
        
        
        因此,Apache只能过滤精确匹配的请求,却不会过滤大小写混合或全是大写的请求,而
        
        HFS+是大小写不敏感的,这就导致这些被"过滤"的请求成功响应。
        
        
        
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0766
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0766
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200110-057
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/2852
(VENDOR_ADVISORY)  BID  2852
http://archives.neohapsis.com/archives/bugtraq/2001-06/0090.html
(VENDOR_ADVISORY)  BUGTRAQ  20010610 Mac OS X - Apache & Case Insensitive Filesystems

- 漏洞信息

MacOS X Client Apache文件保护绕过漏洞
高危 设计错误
2001-10-18 00:00:00 2006-04-07 00:00:00
远程  
        CVE(CAN) ID: CAN-2001-0766
        
        
        
        当使用MacOS X Client访问Apache服务器时存在安全漏洞。MacOS X的标准文件系统是
        
        HFS+,它对大小写是不敏感的,而Apache对大小写的过滤是大小写敏感的。
        
        
        
        因此,Apache只能过滤精确匹配的请求,却不会过滤大小写混合或全是大写的请求,而
        
        HFS+是大小写不敏感的,这就导致这些被"过滤"的请求成功响应。
        
        
        
        

- 公告与补丁

        
        
        目前有以下三种临时解决方法:
        
        
        
        1.使用MacOS X Server
        
        2.采用UFS文件系统
        
        3.在受保护的目录里增加.htaccess文件,内容如下:
        
         Order deny,allow
        
         Deny from all
        
         修改httpd.conf文件,受保护目录设置为:
        
         AllowOverride Limit AuthConfig
        
         或
        
         AllowOverride All
        
         并增加下列内容:
        
        
        
         Order allow,deny
        
         Deny from all
        
        

        
        
        
        厂商补丁:
        
        
        
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商
        
        的主页以获取最新版本:
        
        
        
        
        http://www.apple.com/macosx/server/

        

- 漏洞信息 (20911)

Apache 1.3.14 Mac File Protection Bypass Vulnerability (EDBID:20911)
osX remote
2001-06-10 Verified
0 Stefan Arentz
N/A [点击下载]
source: http://www.securityfocus.com/bid/2852/info

A vulnerability exists when Apache webserver is used with Mac OS X Client.

The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result is that Apache will filter all file requests that match filters exactly (including case), but it will not filter requests made with mixed or upper case characters. Since HFS+ is case insensitive, these requests will result in the "filtered" files being disclosed.

The impact is that arbitrary privileged files may be disclosed to unprivileged remote users. 

The following request will result in a 403 Forbidden as excpected:

GET /test/index.html

But the following request will happily serve the file:

GET /TeSt/index.html 		

- 漏洞信息

7039
Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public

- 漏洞描述

Mac OS X contains a flaw that may allow a malicious user to bypass Apache access controls. The issue is the case-insensitivity of the HFS+ filesystem, which can be exploited to access restricted directories, by changing the case of one or more characters. It is possible that the flaw may allow unauthorized access resulting in a loss of confidentiality.

- 时间线

2001-06-10 Unknow
2001-06-10 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

MacOS X Client Apache File Protection Bypass Vulnerability
Design Error 2852
Yes No
2001-06-10 12:00:00 2009-07-11 06:56:00
This vulnerability was submitted to BugTraq by Stefan Arentz <stefan.arentz@soze.com> on June 10th, 2001.

- 受影响的程序版本

Apache Software Foundation Apache 1.3.14 Mac
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0

- 漏洞讨论

A vulnerability exists when Apache webserver is used with Mac OS X Client.

The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result is that Apache will filter all file requests that match filters exactly (including case), but it will not filter requests made with mixed or upper case characters. Since HFS+ is case insensitive, these requests will result in the "filtered" files being disclosed.

The impact is that arbitrary privileged files may be disclosed to unprivileged remote users.

- 漏洞利用

This example was supplied by Stefan Arentz &lt;stefan.arentz@soze.com&gt;:

The following request will result in a 403 Forbidden as excpected:

GET /test/index.html

But the following request will happily serve the file:

GET /TeSt/index.html

- 解决方案

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站