CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4694
https://notcve.org/view.php?id=CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. El Apache HTTP Server en Apple OS X en versiones anteriores a 10.12 y OS X Server en versiones anteriores a 5.2 sigue a la sección 4.1.18 del RFC 3875 y por lo tanto no protege aplicaciones de la presencia de datos de cliente CGI no confiables en el entorno variable HTTP_PROXY, lo que podría permitir a atacantes remotos redireccionar el tráfico HTTP fuera de rango de una aplicación a un servidor proxy arbitrario a través de una cabecera Proxy manipulada en una petición HTTP, problema también conocido como "httpoxy", un problema relacionado con CVE-2016-5387. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html http://www.securityfocus.com/bid/93060 http://www.securitytracker.com/id/1036853 https://support.apple.com/HT207170 https://support.apple.com/HT207171 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4754
https://notcve.org/view.php?id=CVE-2016-4754
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. ServerDocs Server en Apple OS X Server en versiones anteriores a 5.2 permite el cifrado RC4, lo que podría permitir a atacantes remotos vencer mecanismos de protección criptográfica a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html http://www.securityfocus.com/bid/93061 http://www.securitytracker.com/id/1036853 https://support.apple.com/HT207171 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1151
https://notcve.org/view.php?id=CVE-2015-1151
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. Wiki Server en Apple OS X Server anterior a 4.1 permite a atacantes remotos evadir las restricciones sobre las páginas de actividad y de gente mediante la conexión desde un cliente de iPad. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00006.html http://www.securitytracker.com/id/1032196 https://support.apple.com/HT204201 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1150
https://notcve.org/view.php?id=CVE-2015-1150
The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. El componente Firewall en Apple OS X Server anterior a 4.1 utiliza un nombre de ruta incorrecto en los ficheros de configuración, lo que permite a atacantes remotos evadir las restricciones de acceso a red mediante el envío de paquetes para los cuales el bloqueo de la regla personalizada fue intencionado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00006.html http://www.securitytracker.com/id/1032197 https://support.apple.com/HT204201 • CWE-17: DEPRECATED: Code •
CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 0CVE-2014-3583 – httpd: mod_proxy_fcgi handle_headers() buffer over read
https://notcve.org/view.php?id=CVE-2014-3583
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. La función handle_headers en mod_proxy_fcgi.c en el módulo mod_proxy_fcgi en Apache HTTP Server 2.4.10 permite a servidores remotoos FastCGI causar una denegación de servicio (sobre lectura de buffer y caída del demonio) a través de cabeceras de respuesta largas. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1855.html http://svn.apache.org/viewvc?view=revision&revision=1638818 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/71657 http://www.ubuntu.com/usn/USN-2523-1 https://access.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •