Vulnerabilities > CVE-2016-1777 - Cryptographic Issues vulnerability in Apple mac OS X Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 5 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family MacOS X Local Security Checks NASL id MACOS_10_14.NASL description The remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components : - afpserver - AppleGraphicsControl - Application Firewall - App Store - APR - ATS - Auto Unlock - Bluetooth - CFNetwork - CoreFoundation - CoreText - Crash Reporter - CUPS - Dictionary - Grand Central Dispatch - Heimdal - Hypervisor - iBooks - Intel Graphics Driver - IOHIDFamily - IOKit - IOUserEthernet - Kernel - LibreSSL - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Security - Spotlight - Symptom Framework - Text - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 118178 published 2018-10-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118178 title macOS < 10.14 Multiple Vulnerabilities NASL family Misc. NASL id APPLETV_12.NASL description According to its banner, the version of Apple TV on the remote device is prior to 12. It is, therefore, affected by multiple vulnerabilities as described in the HT209107 security advisory. Note that only 4th and 5th generation models are affected by these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 117588 published 2018-09-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117588 title Apple TV < 12 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOS_10_12_2.NASL description The remote host is running a version of macOS that is 10.12.x prior to 10.12.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppleGraphicsPowerManagement - Assets - Audio - Bluetooth - CoreCapture - CoreFoundation - CoreGraphics - CoreMedia External Displays - CoreMedia Playback - CoreStorage - CoreText - curl - Directory Services - Disk Images - FontParser - Foundation - Grapher - ICU - ImageIO - Intel Graphics Driver - IOFireWireFamily - IOAcceleratorFamily - IOHIDFamily - IOKit - IOSurface - Kernel - kext tools - libarchive - LibreSSL - OpenLDAP - OpenPAM - OpenSSL - Power Management - Security - syslog - WiFi - xar Note that successful exploitation of the most serious issues can result in arbitrary code execution. Furthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also affect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin does not check those versions. last seen 2020-06-01 modified 2020-06-02 plugin id 95917 published 2016-12-16 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95917 title macOS 10.12.x < 10.12.2 Multiple Vulnerabilities
References
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html
- http://www.securityfocus.com/bid/85054
- http://www.securityfocus.com/bid/85054
- http://www.securitytracker.com/id/1035342
- http://www.securitytracker.com/id/1035342
- https://support.apple.com/HT206173
- https://support.apple.com/HT206173