cnvd - cnvd-2017-10995

CNVD-2017-10995

Vulnerability from cnvd - Published: 2017-06-23

Title

Apple macOS Server用户枚举漏洞

Description

Apple Mac OS X是美国苹果（Apple）公司为Mac计算机所开发的一套专用操作系统。 Apple macOS Server存在用户枚举漏洞。攻击者利用该漏洞得到有效的用户名，发起进一步的攻击。

Severity

中

Patch Name

Apple macOS Server用户枚举漏洞的补丁

Patch Description

Apple Mac OS X是美国苹果（Apple）公司为Mac计算机所开发的一套专用操作系统。 Apple macOS Server存在用户枚举漏洞。攻击者利用该漏洞得到有效的用户名，发起进一步的攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: https://www.apple.com/

Reference

http://www.securityfocus.com/bid/97128 https://nvd.nist.gov/vuln/detail/CVE-2017-2382

Impacted products

Name
Apple macOS Server <5.3

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97128"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2382",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2382"
    }
  },
  "description": "Apple Mac OS X\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nApple macOS Server\u5b58\u5728\u7528\u6237\u679a\u4e3e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5f97\u5230\u6709\u6548\u7684\u7528\u6237\u540d\uff0c\u53d1\u8d77\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002",
  "discovererName": "Maris Kocins of SEMTEXX LTD",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e:\r\nhttps://www.apple.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-10995",
  "openTime": "2017-06-23",
  "patchDescription": "Apple Mac OS X\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nApple macOS Server\u5b58\u5728\u7528\u6237\u679a\u4e3e\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5f97\u5230\u6709\u6548\u7684\u7528\u6237\u540d\uff0c\u53d1\u8d77\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Server\u7528\u6237\u679a\u4e3e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple macOS Server \u003c5.3"
  },
  "referenceLink": "http://www.securityfocus.com/bid/97128\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2382",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-24",
  "title": "Apple macOS Server\u7528\u6237\u679a\u4e3e\u6f0f\u6d1e"
}

CVE-2017-2382 (GCVE-0-2017-2382)

Vulnerability from cvelistv5 – Published: 2017-04-02 01:36 – Updated: 2024-08-05 13:55

Summary

An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://www.securitytracker.com/id/1038144	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/97128	vdb-entryx_refsource_BID
	https://support.apple.com/HT207604	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:55:04.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038144",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038144"
          },
          {
            "name": "97128",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97128"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207604"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the \"Wiki Server\" component. It allows remote attackers to enumerate user accounts via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-11T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "1038144",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038144"
        },
        {
          "name": "97128",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97128"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207604"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-2382",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the \"Wiki Server\" component. It allows remote attackers to enumerate user accounts via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038144",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038144"
            },
            {
              "name": "97128",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97128"
            },
            {
              "name": "https://support.apple.com/HT207604",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207604"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2017-2382",
    "datePublished": "2017-04-02T01:36:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:55:04.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-10995

CVE-2017-2382 (GCVE-0-2017-2382)

Tags

Sightings

Nomenclature