7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
This document describes the security content of OS X Server 5.1.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other security updates, see Apple security updates.
Available for: OS X El Capitan v10.11.4
Impact: An administrator may unknowingly store backups on a volume without permissions enabled
Description: An issue in Time Machine server did not properly warn administrators if permissions were ignored when performing a server backup. This issue was addressed through improved warnings.
CVE-ID
CVE-2016-1774 : CJKApps
Available for: OS X El Capitan v10.11.4
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: RC4 was removed as a supported cipher.
CVE-ID
CVE-2016-1777 : Pepi Zawodsky
Available for: OS X El Capitan v10.11.4
Impact: A remote user may be able to view sensitive configuration information
Description: A file access issue existed in Apache with .DS_Store and .htaccess files. This issue was addressed through improved access restrictions.
CVE-ID
CVE-2016-1776 : Shawn Pullum of University of California, Irvine
Available for: OS X El Capitan v10.11.4
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: An access issue existed in some Wiki pages. This issue was addressed through improved access restrictions.
CVE-ID
CVE-2016-1787 : an anonymous researcher
OS X Server 5.1 requires OS X El Capitan v10.11.4 for security improvements.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
Published Date: January 23, 2017
CPE | Name | Operator | Version |
---|---|---|---|
os x server | lt | 5.1 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N