Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| macosx-imagecapture-directory-traversal(42718) | |||
| ADV-2008-1697 | |||
| TA08-150A | |||
| 29501 | |||
| 29412 | |||
| 1020141 | |||
| APPLE-SA-2008-05-28 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)
Related CAPEC 7
Relative Path Traversal (CAPEC-ID 139)
Directory Traversal (CAPEC-ID 213)
File System Function Injection, Content Based (CAPEC-ID 23)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
Manipulating Input to File System Calls (CAPEC-ID 76)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)