Vulnerabilities > CVE-2016-4754 - Cryptographic Issues vulnerability in Apple OS X Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOS_SERVER_5_2.NASL |
description | The version of macOS Server (formerly known as Mac OS X Server) installed on the remote host is prior to 5.2. It is, therefore, affected by the following vulnerabilities : - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 93813 |
published | 2016-09-30 |
reporter | This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/93813 |
title | macOS : macOS Server < 5.2 Multiple Vulnerabilities (httpoxy) |
code |
|
References
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html
- http://www.securityfocus.com/bid/93061
- http://www.securityfocus.com/bid/93061
- http://www.securitytracker.com/id/1036853
- http://www.securitytracker.com/id/1036853
- https://support.apple.com/HT207171
- https://support.apple.com/HT207171