Detections
Analytics
Apple Mac OS X Wiki Server Weblog SACL Security Bypass
medium Nessus Plugin ID 45440
Language:
Synopsis
The remote host is affected by a security bypass vulnerability.Description
The remote Mac OS X Server Web Services installation contains a version of the Wiki Server component that is affected by a security bypass vulnerability due to a failure to check the service access control lists (SACLs) during the creation of a user's weblog. An authenticated, remote attacker can exploit this to publish content to the Wiki Server.Solution
Upgrade to Mac OS X version 10.6.3 or later.See Also
http://support.apple.com/kb/HT4077
http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html
Plugin Details
Severity: Medium
ID: 45440
File Name: macosx_server_wiki_acl_bypass.nasl
Version: 1.11
Type: remote
Family: CGI abuses
Published: 4/8/2010
Updated: 7/17/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N
Vulnerability Information
Required KB Items: www/macosx_web_svcs_srv
Exploit Ease: No exploit is required
Patch Publication Date: 3/29/2010
Vulnerability Publication Date: 3/29/2010
Reference Information
CVE: CVE-2010-0534
BID: 39291