CVE-2004-1084

Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.

Published: Dec 2, 2004
Updated: Nov 9, 2025
CVE: CVE-2004-1084
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / quicktime_streaming_server	4.1.1	4.1.1.x
apple / darwin_streaming_server	5.0.1	5.0.1.x
apple / darwin_streaming_server	4.1.3	4.1.3.x
apple / mac_os_x_server	10.3.2	10.3.2.x
apple / mac_os_x	10.2.5	10.2.5.x
apple / mac_os_x_server	10.2.2	10.2.2.x
apple / mac_os_x	10.2.7	10.2.7.x
apple / mac_os_x	10.2.8	10.2.8.x
apple / mac_os_x_server	10.2.4	10.2.4.x
apple / mac_os_x	10.2.1	10.2.1.x
apple / mac_os_x_server	10.3.5	10.3.5.x
apple / mac_os_x	10.3.1	10.3.1.x
apple / mac_os_x	10.3.5	10.3.5.x
apple / mac_os_x_server	10.3.3	10.3.3.x
apple / mac_os_x_server	10.2.7	10.2.7.x
apple / mac_os_x_server	10.2.3	10.2.3.x
apple / mac_os_x	10.2.4	10.2.4.x
apple / mac_os_x_server	10.3.4	10.3.4.x
apple / mac_os_x	10.3.2	10.3.2.x
apple / mac_os_x	10.2.2	10.2.2.x
apple / mac_os_x_server	10.2.5	10.2.5.x
apple / mac_os_x	10.3.6	10.3.6.x
apple / mac_os_x_server	10.3	10.3.x
apple / mac_os_x_server	10.2.6	10.2.6.x
apple / mac_os_x_server	10.2	10.2.x
apple / mac_os_x_server	10.2.1	10.2.1.x
apple / mac_os_x_server	10.3.1	10.3.1.x
apple / mac_os_x	10.3.4	10.3.4.x
apple / mac_os_x	10.3.3	10.3.3.x
apple / mac_os_x	10.2.6	10.2.6.x
apple / mac_os_x	10.2.3	10.2.3.x
apple / mac_os_x_server	10.2.8	10.2.8.x
apple / mac_os_x	10.2	10.2.x
apple / mac_os_x	10.3	10.3.x
apple / mac_os_x_server	10.3.6	10.3.6.x

Vulnerability Database

308,379

CVE-2004-1084

Deep Security Visibility Without the Complexity