macOS : macOS Server < 5.2 Multiple Vulnerabilities (httpoxy)

critical Nessus Plugin ID 93813

Synopsis

The remote host is missing a security update for macOS Server.

Description

The version of macOS Server (formerly known as Mac OS X Server) installed on the remote host is prior to 5.2. It is, therefore, affected by the following vulnerabilities:

- The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated.
(CVE-2016-4694)

- Multiple unspecified flaws exist that are related to the RC4 algorithm that allow an unauthenticated, remote attacker to defeat cryptographic protection mechanisms.
(CVE-2016-4754)
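The namespace conflict behind the 'httpoxy' item above, shown as an added example that is not part of the plugin or of Apache's code: a minimal model of the RFC 3875 section 4.1.18 header-to-variable mapping next to a variant that drops the 'Proxy' header first. The function names, host names and header values are constructed for illustration.

```python
# Added illustration of the RFC 3875 section 4.1.18 mapping; not Apache or plugin code.
# All names and sample values below are constructed.

def cgi_environ(headers, base_env=None):
    """Map request headers to CGI meta-variables: 'Name-Part' -> 'HTTP_NAME_PART'.

    A client-sent 'Proxy' header becomes HTTP_PROXY, the same name that some
    web client libraries read to pick an outbound proxy.
    """
    env = dict(base_env or {})
    for name, value in headers:
        key = "HTTP_" + name.strip().upper().replace("-", "_")
        env[key] = value  # request data silently overrides any existing value
    return env


def cgi_environ_hardened(headers, base_env=None):
    """Same mapping, but the 'Proxy' header is removed before it is mapped."""
    kept = [(n, v) for n, v in headers if n.strip().lower() != "proxy"]
    return cgi_environ(kept, base_env)


def outbound_proxy(env):
    """Proxy a library that honours HTTP_PROXY would use (None if unset)."""
    return env.get("HTTP_PROXY")


# Constructed sample: environment set by the administrator, and one request.
ADMIN_ENV = {"HTTP_PROXY": "http://corp-proxy.example.internal:3128"}
SAMPLE_HEADERS = [
    ("Host", "app.example.internal"),
    ("User-Agent", "sample-client/1.0"),
    ("Proxy", "http://proxy.example.invalid:8080"),  # untrusted request data
]

if __name__ == "__main__":
    for label, build in (("unfiltered", cgi_environ),
                         ("hardened", cgi_environ_hardened)):
        env = build(SAMPLE_HEADERS, ADMIN_ENV)
        print(f"{label:10s} outbound proxy = {outbound_proxy(env)}")
```

On Apache, the equivalent server-side filter is the mod_headers directive `RequestHeader unset Proxy early`, which removes the header before any CGI handler sees it.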

Solution

Upgrade to macOS Server version 5.2 or later. Note that macOS Server version 5.2 is available only for macOS 10.12 or later.

See Also

https://support.apple.com/en-us/HT207171

http://www.nessus.org/u?a9b0d4cb

https://httpoxy.org

Plugin Details

Severity: Critical

ID: 93813

File Name: macos_server_5_2.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 9/30/2016

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:os_x_server

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Server/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/20/2016

Vulnerability Publication Date: 3/21/2016

Reference Information

CVE: CVE-2016-4694, CVE-2016-4754

BID: 93060, 93061

APPLE-SA: APPLE-SA-2016-09-20-4