Vulnerability Name:

CVE-2001-1446 (CCN-7103)

Assigned:2001-09-10
Published:2001-09-10
Updated:2017-07-11
Summary:Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
It is reported that this issue is addressed in the Apple Mac OS X and Mac OS X Server release versions 10.2 and above. This is not confirmed.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Mon Sep 10 2001 - 09:02:07 CDT
More security problems in Apache on Mac OS X

Source: BUGTRAQ
Type: UNKNOWN
20010910 Re: More security problems in Apache on Mac OS X

Source: CCN
Type: BugTraq Mailing List, Mon Sep 10 2001 - 18:44:05 CDT
Re: More security problems in Apache on Mac OS X

Source: MITRE
Type: CNA
CVE-2001-1446

Source: CCN
Type: Apple Computer, Inc. Product Security Incident Response
Mac OS X Server v10.1

Source: CCN
Type: Apple Computer, Inc. Software Downloads Web site
Mac OS Server Update 10.1.1

Source: CCN
Type: US-CERT VU#177243
Mac OS X Finder creates world-readable .FBCIndex file thereby disclosing sensitive information

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#177243

Source: CCN
Type: OSVDB ID: 644
Apple Mac OS X Find-By-Content .FBCIndex Web File Content Disclosure

Source: CCN
Type: OSVDB ID: 6694
Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing

Source: CCN
Type: BID-3316
MacOS X Client Apache Directory Contents Disclosure Vulnerability

Source: CCN
Type: BID-3324
Apple Macintosh OS X .DS_Store Directory Listing Disclosure Vulnerability

Source: BID
Type: UNKNOWN
3325

Source: CCN
Type: BID-3325
Apple Macintosh OS X FBCIndex File Contents Disclosure Vulnerability

Source: XF
Type: UNKNOWN
macos-apache-directory-disclosure(7103)

Source: XF
Type: UNKNOWN
macos-apache-directory-disclosure(7103)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
  • AND
  • cpe:/a:apache:http_server:1.3.14:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple mac os x 10.0
    apple mac os x 10.0.1
    apple mac os x 10.0.2
    apple mac os x 10.0.3
    apple mac os x 10.0.4
    apple mac os x 10.0.3
    apple mac os x 10.0.2
    apple mac os x 10.0.1
    apple mac os x 10.0
    apple mac os x 10.0.4
    apache http server 1.3.14