CVE-2011-0212

2011-06-2420:55:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2011-0212

servermgrd

apple

mac os x

10.6.8

remote attackers

arbitrary files

http requests

intranet servers

denial of service

cpu consumption

memory consumption

xml-rpc

xml external entity

xxe

nvd

6.7 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

CPENameOperatorVersion
apple:mac_os_x_serverapple mac os x servereq10.6.3
apple:mac_os_x_serverapple mac os x servereq10.6.6
apple:mac_os_x_serverapple mac os x servereq10.6.4
apple:mac_os_x_serverapple mac os x servereq10.6.7
apple:mac_os_x_serverapple mac os x servereq10.6.5
apple:mac_os_x_serverapple mac os x servereq10.6.1
apple:mac_os_x_serverapple mac os x servereq10.6.2
apple:mac_os_x_serverapple mac os x servereq10.6.0

CPE	Name	Operator	Version
apple:mac_os_x_server	apple mac os x server	eq	10.6.3
apple:mac_os_x_server	apple mac os x server	eq	10.6.6
apple:mac_os_x_server	apple mac os x server	eq	10.6.4
apple:mac_os_x_server	apple mac os x server	eq	10.6.7
apple:mac_os_x_server	apple mac os x server	eq	10.6.5
apple:mac_os_x_server	apple mac os x server	eq	10.6.1
apple:mac_os_x_server	apple mac os x server	eq	10.6.2
apple:mac_os_x_server	apple mac os x server	eq	10.6.0