6.7 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.9%
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.
lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
support.apple.com/kb/HT204942
www.securityfocus.com/bid/75493
www.securitytracker.com/id/1032760