130 results (0.025 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. Web Server en Apple OS X Server en versiones anteriores a 5.1 no restringe correctamente el acceso a archivos .DS_Store y .htaccess, lo que permite a atacantes remotos obtener información de configuración sensible a través de una petición HTTP. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html http://www.securityfocus.com/bid/85054 http://www.securitytracker.com/id/1035342 https://support.apple.com/HT206173 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. Web Server en Apple OS X Server en versiones anteriores a 5.1 soporta el algoritmo RC4, lo que facilita a atacantes remotos vencer los mecanismos de protección criptográfica a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html http://www.securityfocus.com/bid/85054 http://www.securitytracker.com/id/1035342 https://support.apple.com/HT206173 • CWE-310: Cryptographic Issues •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. Wiki Server en Apple OS X Server en versiones anteriores a 5.1 permite a atacantes remotos obtener información sensible de páginas Wiki a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html http://www.securityfocus.com/bid/85054 http://www.securitytracker.com/id/1035342 https://support.apple.com/HT206173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. El servidor Time Machine en Server App en Apple OS X Server en versiones anteriores a 5.1 no notifica al usuario sobre los permisos ignorados durante la realización de una copia de seguridad, lo que facilita a atacantes remotos obtener información sensible en circunstancias oportunistas leyendo los datos de la copia de seguridad que carecen de las restricciones previstas. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html http://www.securityfocus.com/bid/85054 http://www.securitytracker.com/id/1035342 https://support.apple.com/HT206173 • CWE-284: Improper Access Control •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. El componente Web Service en Apple OS X Server en versiones anteriores a 5.0.15 omite una configuración de cabecera HTTP no especificada, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html http://www.securitytracker.com/id/1033933 https://support.apple.com/HT205376 • CWE-264: Permissions, Privileges, and Access Controls •