Details of VAR-200412-0001

ID

VAR-200412-0001

CVE

CVE-2004-0090

TITLE

apple's Apple Mac OS X and Apple Mac OS X Server Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000763

DESCRIPTION

Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors. apple's Apple Mac OS X and Apple Mac OS X Server Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

Trust: 1.98

sources: NVD: CVE-2004-0090 // JVNDB: JVNDB-2004-000763 // BID: 9504 // VULHUB: VHN-8520

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.6	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.4	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.3	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.7	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.7	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.3.1	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.3.2	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.3.2	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.2.7	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.1.5	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.3	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.2	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.3	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.2.4	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.2.5	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.3.1	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.2	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.2.8	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.2.6	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.3.2	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.2.3	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.1.5	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.3	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.7	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.2.8	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.1.5	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.2.1	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.5	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.2.1	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.2.5	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.3	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.4	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.8	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.2.7	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.2.2	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.6	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.2.4	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.2.3	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.1	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.2	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	server 10.2.6	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.3.1	Trust: 0.8
vendor:	アップル	model:	apple mac os x server	scope:	eq	version:	10.2.2	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3

sources: BID: 9504 // JVNDB: JVNDB-2004-000763 // CNNVD: CNNVD-200412-389 // NVD: CVE-2004-0090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0090
value:	HIGH
Trust: 1.0
NVD:	CVE-2004-0090
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200412-389
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-8520
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0090
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8520
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8520 // JVNDB: JVNDB-2004-000763 // CNNVD: CNNVD-200412-389 // NVD: CVE-2004-0090

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000763 // NVD: CVE-2004-0090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-389

TYPE

Unknown

Trust: 0.9

sources: BID: 9504 // CNNVD: CNNVD-200412-389

PATCH

title:

lists.apple.com (msg00000)

url:

http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000763

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0090	Trust: 3.6
db:	BID	id:	9504	Trust: 2.8
db:	SECUNIA	id:	10723	Trust: 2.5
db:	AUSCERT	id:	ESB-2004.0072	Trust: 1.7
db:	JVNDB	id:	JVNDB-2004-000763	Trust: 0.8
db:	CNNVD	id:	CNNVD-200412-389	Trust: 0.7
db:	NSFOCUS	id:	6992	Trust: 0.6
db:	NSFOCUS	id:	7033	Trust: 0.6
db:	NSFOCUS	id:	6093	Trust: 0.6
db:	NSFOCUS	id:	7594	Trust: 0.6
db:	NSFOCUS	id:	5170	Trust: 0.6
db:	NSFOCUS	id:	5631	Trust: 0.6
db:	NSFOCUS	id:	5978	Trust: 0.6
db:	NSFOCUS	id:	5631※7594※5978※7759※5999※6179※7033※5170※6992※6570※6093※6456※5925	Trust: 0.6
db:	NSFOCUS	id:	6570	Trust: 0.6
db:	NSFOCUS	id:	6456	Trust: 0.6
db:	NSFOCUS	id:	5925	Trust: 0.6
db:	NSFOCUS	id:	7759	Trust: 0.6
db:	NSFOCUS	id:	6179	Trust: 0.6
db:	NSFOCUS	id:	5999	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2004-01-26	Trust: 0.6
db:	VULHUB	id:	VHN-8520	Trust: 0.1

sources: VULHUB: VHN-8520 // BID: 9504 // JVNDB: JVNDB-2004-000763 // CNNVD: CNNVD-200412-389 // NVD: CVE-2004-0090

REFERENCES

url:	http://www.securityfocus.com/bid/9504	Trust: 2.5
url:	http://secunia.com/advisories/10723/	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2004/jan/msg00000.html	Trust: 1.7
url:	http://www.auscert.org.au/render.html?it=3791&cid=1	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0090	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/5631※7594※5978※7759※5999※6179※7033※5170※6992※6570※6093※6456※5925	Trust: 0.6
url:	http://www.auscert.org.au/render.html?it=3791&cid=1	Trust: 0.1

sources: VULHUB: VHN-8520 // JVNDB: JVNDB-2004-000763 // CNNVD: CNNVD-200412-389 // NVD: CVE-2004-0090

CREDITS

Apache

Trust: 0.6

sources: CNNVD: CNNVD-200412-389

SOURCES

db:	VULHUB	id:	VHN-8520
db:	BID	id:	9504
db:	JVNDB	id:	JVNDB-2004-000763
db:	CNNVD	id:	CNNVD-200412-389
db:	NVD	id:	CVE-2004-0090

LAST UPDATE DATE

2024-08-14T12:22:18.468000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8520	date:	2008-09-05T00:00:00
db:	BID	id:	9504	date:	2009-07-12T02:06:00
db:	JVNDB	id:	JVNDB-2004-000763	date:	2024-05-29T07:48:00
db:	CNNVD	id:	CNNVD-200412-389	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0090	date:	2008-09-05T20:37:30.397

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8520	date:	2004-12-31T00:00:00
db:	BID	id:	9504	date:	2004-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2004-000763	date:	2024-05-29T00:00:00
db:	CNNVD	id:	CNNVD-200412-389	date:	2003-07-18T00:00:00
db:	NVD	id:	CVE-2004-0090	date:	2004-12-31T05:00:00