NASLDB: Apple Mac OS X Wiki Server Weblog SACL Security Bypass
General
ID: 45440
Name: Apple Mac OS X Wiki Server Weblog SACL Security Bypass
Summary: Queries the version of Mac OS X Web Services
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: 80
Family: CGI abuses
Type: Remote
Description
The remote Mac OS X Server Web Services installation contains a
version of the Wiki server that allows an attacker to bypass the
service control access lists (SACLs) that have been put into place.
An authenticated user could exploit this flaw to post blog entries
even when not allowed to do so by the remote system.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2010-0534
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2010/03/29
Patch Release: 2010/03/29
Plugin Release: 2010/04/08
Plugin
Version: 1.6
Filename: macosx_server_wiki_acl_bypass.nasl
Filesize: 2848 bytes
MD5 Hash: b57790b527bf68a44fe8598f06d84595
Identification: –
Require Keys: www/macosx_web_svcs_srv
Dependencies: "macosx_server_web_svcs_version.nasl"
Copyright: This script is Copyright© 2010-2012 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack