CVE-2016-1776

5.3MEDIUM

Key Information:

Vendor: Apple
Status: Mac Os X Server
Vendor: CVE Published:; 24 March 2016

Summary

Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request.

References

http://www.securitytracker.com/id/1035342

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/85054

vdb-entryx_refsource_BID

https://support.apple.com/HT206173

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 24, 2016
Vulnerability Reserved
Jan 13, 2016