Overview
The Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service.
Description
Mac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the default configuration. If no external restrictions, such as firewalls, are in place, this may allow unintended remote use of the HTTP proxy service. |
Impact
Unauthenticated remote attackers may be able to use the HTTP proxy service running on the local machine. This may result in the attacker gaining the ability to access previously inaccessible network locations or to hide the true origin of their attack. |
Solution
Apply An Update Apple has addressed the issue in Security Update 2005-005. |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Apple Product Security for reporting this vulnerability.
This document was written by Ken MacInnis.
Other Information
| CVE IDs: | CVE-2005-1340 |
| Severity Metric: | 6.89 |
| Date Public: | 2005-05-03 |
| Date First Published: | 2005-05-09 |
| Date Last Updated: | 2005-07-06 18:02 UTC |
| Document Revision: | 4 |