Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1774 (GCVE-0-2016-1774)
Vulnerability from cvelistv5 – Published: 2016-03-24 01:00 – Updated: 2024-08-05 23:10
VLAI?
EPSS
Summary
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:38.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035342",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85054"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-16T10:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1035342",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85054"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035342",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"name": "https://support.apple.com/HT206173",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-1774",
"datePublished": "2016-03-24T01:00:00",
"dateReserved": "2016-01-13T00:00:00",
"dateUpdated": "2024-08-05T23:10:38.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0.15\", \"matchCriteriaId\": \"B549527C-F0D8-49B7-846A-822381DBA317\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.\"}, {\"lang\": \"es\", \"value\": \"El servidor Time Machine en Server App en Apple OS X Server en versiones anteriores a 5.1 no notifica al usuario sobre los permisos ignorados durante la realizaci\\u00f3n de una copia de seguridad, lo que facilita a atacantes remotos obtener informaci\\u00f3n sensible en circunstancias oportunistas leyendo los datos de la copia de seguridad que carecen de las restricciones previstas.\"}]",
"id": "CVE-2016-1774",
"lastModified": "2024-11-21T02:47:03.623",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false}]}",
"published": "2016-03-24T01:59:42.000",
"references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/85054\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securitytracker.com/id/1035342\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT206173\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/85054\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1035342\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT206173\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-1774\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2016-03-24T01:59:42.000\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.\"},{\"lang\":\"es\",\"value\":\"El servidor Time Machine en Server App en Apple OS X Server en versiones anteriores a 5.1 no notifica al usuario sobre los permisos ignorados durante la realizaci\u00f3n de una copia de seguridad, lo que facilita a atacantes remotos obtener informaci\u00f3n sensible en circunstancias oportunistas leyendo los datos de la copia de seguridad que carecen de las restricciones previstas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.15\",\"matchCriteriaId\":\"B549527C-F0D8-49B7-846A-822381DBA317\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/85054\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1035342\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT206173\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/85054\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035342\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
VAR-201603-0234
Vulnerability from variot - Updated: 2023-12-18 11:18The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlIf a third party reads unlimited backup data, important information may be obtained. Apple Mac OS X Server is prone to the following security vulnerabilities: 1. Multiple security-bypass vulnerabilities 2. Multiple information-disclosure vulnerabilities An attacker can leverage these issues to obtain sensitive information, bypass security restrictions and perform unauthorized actions. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Server App is a set of server management tools. Time Machine is one of the system backup software components. The vulnerability stems from the fact that the program does not notify the user of the ignored permissions when backing up. This issue was addressed through improved warnings. CVE-ID CVE-2016-1774 : CJKApps
Web Server Available for: OS X Yosemite v10.10.5 and later Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: RC4 was removed as a supported cipher. CVE-ID CVE-2016-1777 : Pepi Zawodsky
Web Server Available for: OS X Yosemite v10.10.5 and later Impact: A remote user may be able to view sensitive configuration information Description: A file access issue existed in Apache with .DS_Store and .htaccess files. This issue was addressed through improved access restrictions. CVE-ID CVE-2016-1776 : Shawn Pullum of University of California, Irvine
Wiki Server Available for: OS X Yosemite v10.10.5 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An access issue existed in some Wiki pages. This issue was addressed through improved access restrictions.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQQAAoJEBcWfLTuOo7txasP/RcVgQ2t03szn0LLt0PSFjD9 PZg339iTYRk7sCHyNYwEnBeqdyDuO3005d4yaZ2R2OAI8Q806DJSpcTMG8Nu3sm3 xXceiVb/k+sRzh0nJaSHSVkw2GRzElsm5i6b3yFndeVnXF9eDphrjTeV2MFvoTRl t2Ml6IiTu944yJlh/NOmdjQZ+Uc2I+REDbUimeCMJVuuVmtd9UNS5VesC5u1BHyb bDmrd+pazmEjGwWwvxTE4raN7o/st7ZV2uxcjl8/73b/lVy9wBR/J4sxltyWNnm8 PJKbn/J5t8+tqKHupVvOuj4L6GnsOe154oL7bbOmrAhkVBeqBSdUBe9eQNIH0ji3 YwUdyDb3Wy1SyVNvN69tTd+ICTyh7XQQWMUTqV3xgp6tNJ19FXPdv9K/E55n62kw alfIzLhRafLV7NzUbAgsY8iuC6b3YTd9EJM0mDuh8hlTWYRC7N8HEtyxe4hAhfuO wMy1sRXWAiTBIZRJKL8KgAiIf7GdyKOvhgfcoL3dEGe5lw2Z9DCHyRihMOWFo2/Q LsJTxV9grMWN4WJLAm0h9z6AVbIELpRp4HBiq95ndaWm7bZbj6tFCRXvQaMerPut kuXD3izfEVZvtCSs7i4HKPgZLRgFRd687yVYeTSx2nyhOIeKd+tTfmUjMEw06PaT 9p0+e+mVlJlCmWiFIwsu =nxck -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0234",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x server",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.15"
},
{
"model": "macos server",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.1 (os x yosemite v10.10.5 or later )"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0.15"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.4.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.6"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.4"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x5.0.15"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x5.0.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x4.1.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x2.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x2.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x2.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x2.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x2.1.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x2.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.2"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x5.1"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12"
}
],
"sources": [
{
"db": "BID",
"id": "85054"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"db": "NVD",
"id": "CVE-2016-1774"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.15",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1774"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CJKApps, Pepi Zawodsky, Shawn Pullum of University of California, Irvine and an anonymous researcher",
"sources": [
{
"db": "BID",
"id": "85054"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1774",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-1774",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90593",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1774",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-374",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90593",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90593"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"db": "NVD",
"id": "CVE-2016-1774"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlIf a third party reads unlimited backup data, important information may be obtained. Apple Mac OS X Server is prone to the following security vulnerabilities:\n1. Multiple security-bypass vulnerabilities\n2. Multiple information-disclosure vulnerabilities\nAn attacker can leverage these issues to obtain sensitive information, bypass security restrictions and perform unauthorized actions. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Server App is a set of server management tools. Time Machine is one of the system backup software components. The vulnerability stems from the fact that the program does not notify the user of the ignored permissions when backing up. This issue was addressed through improved warnings. \nCVE-ID\nCVE-2016-1774 : CJKApps\n\nWeb Server\nAvailable for: OS X Yosemite v10.10.5 and later\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: RC4 was removed as a supported cipher. \nCVE-ID\nCVE-2016-1777 : Pepi Zawodsky\n\nWeb Server\nAvailable for: OS X Yosemite v10.10.5 and later\nImpact: A remote user may be able to view sensitive configuration\ninformation\nDescription: A file access issue existed in Apache with .DS_Store\nand .htaccess files. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2016-1776 : Shawn Pullum of University of California, Irvine\n\nWiki Server\nAvailable for: OS X Yosemite v10.10.5 and later\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An access issue existed in some Wiki pages. This issue\nwas addressed through improved access restrictions. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQQAAoJEBcWfLTuOo7txasP/RcVgQ2t03szn0LLt0PSFjD9\nPZg339iTYRk7sCHyNYwEnBeqdyDuO3005d4yaZ2R2OAI8Q806DJSpcTMG8Nu3sm3\nxXceiVb/k+sRzh0nJaSHSVkw2GRzElsm5i6b3yFndeVnXF9eDphrjTeV2MFvoTRl\nt2Ml6IiTu944yJlh/NOmdjQZ+Uc2I+REDbUimeCMJVuuVmtd9UNS5VesC5u1BHyb\nbDmrd+pazmEjGwWwvxTE4raN7o/st7ZV2uxcjl8/73b/lVy9wBR/J4sxltyWNnm8\nPJKbn/J5t8+tqKHupVvOuj4L6GnsOe154oL7bbOmrAhkVBeqBSdUBe9eQNIH0ji3\nYwUdyDb3Wy1SyVNvN69tTd+ICTyh7XQQWMUTqV3xgp6tNJ19FXPdv9K/E55n62kw\nalfIzLhRafLV7NzUbAgsY8iuC6b3YTd9EJM0mDuh8hlTWYRC7N8HEtyxe4hAhfuO\nwMy1sRXWAiTBIZRJKL8KgAiIf7GdyKOvhgfcoL3dEGe5lw2Z9DCHyRihMOWFo2/Q\nLsJTxV9grMWN4WJLAm0h9z6AVbIELpRp4HBiq95ndaWm7bZbj6tFCRXvQaMerPut\nkuXD3izfEVZvtCSs7i4HKPgZLRgFRd687yVYeTSx2nyhOIeKd+tTfmUjMEw06PaT\n9p0+e+mVlJlCmWiFIwsu\n=nxck\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1774"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"db": "BID",
"id": "85054"
},
{
"db": "VULHUB",
"id": "VHN-90593"
},
{
"db": "PACKETSTORM",
"id": "136348"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90593",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90593"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1774",
"trust": 2.9
},
{
"db": "BID",
"id": "85054",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1035342",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001872",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-374",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136348",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-90593",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90593"
},
{
"db": "BID",
"id": "85054"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"db": "PACKETSTORM",
"id": "136348"
},
{
"db": "NVD",
"id": "CVE-2016-1774"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
]
},
"id": "VAR-201603-0234",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90593"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:18:44.612000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-03-21-7 OS X Server 5.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00006.html"
},
{
"title": "HT206173",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206173"
},
{
"title": "HT206173",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206173"
},
{
"title": "Apple OS X Server Server App Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60695"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90593"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"db": "NVD",
"id": "CVE-2016-1774"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00006.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206173"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/85054"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035342"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1774"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1774"
},
{
"trust": 0.3,
"url": "https://www.apple.com/osx/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/server/macosx/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht209106"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht209107"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht209108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1774"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1787"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90593"
},
{
"db": "BID",
"id": "85054"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"db": "PACKETSTORM",
"id": "136348"
},
{
"db": "NVD",
"id": "CVE-2016-1774"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90593"
},
{
"db": "BID",
"id": "85054"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"db": "PACKETSTORM",
"id": "136348"
},
{
"db": "NVD",
"id": "CVE-2016-1774"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-24T00:00:00",
"db": "VULHUB",
"id": "VHN-90593"
},
{
"date": "2016-03-21T00:00:00",
"db": "BID",
"id": "85054"
},
{
"date": "2016-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"date": "2016-03-22T15:23:11",
"db": "PACKETSTORM",
"id": "136348"
},
{
"date": "2016-03-24T01:59:42",
"db": "NVD",
"id": "CVE-2016-1774"
},
{
"date": "2016-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-90593"
},
{
"date": "2018-09-25T04:00:00",
"db": "BID",
"id": "85054"
},
{
"date": "2016-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001872"
},
{
"date": "2016-12-20T02:59:19.807000",
"db": "NVD",
"id": "CVE-2016-1774"
},
{
"date": "2016-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X Server of Server App of Time Machine Vulnerability in server where important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001872"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-374"
}
],
"trust": 0.6
}
}
CERTFR-2016-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | N/A | tvOS versions antérieures à 9.2 pour Apple TV (4ème génération) | ||
| Apple | N/A | OS X El Capitan 10.11.x versions antérieures à 10.11.4 | ||
| Apple | N/A | iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents | ||
| Apple | N/A | watchOS versions antérieures à 2.2 | ||
| Apple | N/A | OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures | ||
| Apple | N/A | Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures | ||
| Apple | N/A | OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | Safari | Safari versions antérieures à 9.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 9.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
},
{
"name": "CVE-2016-1781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
},
{
"name": "CVE-2016-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
},
{
"name": "CVE-2016-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
},
{
"name": "CVE-2016-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
},
{
"name": "CVE-2016-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
},
{
"name": "CVE-2016-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
},
{
"name": "CVE-2016-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
},
{
"name": "CVE-2016-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
},
{
"name": "CVE-2016-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
},
{
"name": "CVE-2016-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
},
{
"name": "CVE-2016-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
},
{
"name": "CVE-2016-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
},
{
"name": "CVE-2016-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-1727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2015-3184",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
},
{
"name": "CVE-2015-1819",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
},
{
"name": "CVE-2016-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
},
{
"name": "CVE-2016-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
},
{
"name": "CVE-2016-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
},
{
"name": "CVE-2016-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
},
{
"name": "CVE-2016-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
},
{
"name": "CVE-2015-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
},
{
"name": "CVE-2016-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
},
{
"name": "CVE-2016-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2016-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
},
{
"name": "CVE-2009-2197",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
},
{
"name": "CVE-2016-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
},
{
"name": "CVE-2016-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
},
{
"name": "CVE-2016-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
},
{
"name": "CVE-2016-1723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
},
{
"name": "CVE-2016-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
},
{
"name": "CVE-2016-1756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
},
{
"name": "CVE-2016-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
},
{
"name": "CVE-2016-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
},
{
"name": "CVE-2014-9495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
},
{
"name": "CVE-2015-8126",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
},
{
"name": "CVE-2016-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
},
{
"name": "CVE-2016-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2016-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
},
{
"name": "CVE-2016-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
},
{
"name": "CVE-2016-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
},
{
"name": "CVE-2016-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
},
{
"name": "CVE-2016-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
},
{
"name": "CVE-2016-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
},
{
"name": "CVE-2016-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-8659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
},
{
"name": "CVE-2016-1770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
},
{
"name": "CVE-2016-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
},
{
"name": "CVE-2016-1732",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
},
{
"name": "CVE-2016-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
},
{
"name": "CVE-2016-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
},
{
"name": "CVE-2016-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
},
{
"name": "CVE-2016-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
},
{
"name": "CVE-2016-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
},
{
"name": "CVE-2016-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
},
{
"name": "CVE-2015-5334",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
},
{
"name": "CVE-2016-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
},
{
"name": "CVE-2015-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
},
{
"name": "CVE-2016-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
},
{
"name": "CVE-2016-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
},
{
"name": "CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"name": "CVE-2016-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
},
{
"name": "CVE-2016-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
},
{
"name": "CVE-2016-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
},
{
"name": "CVE-2015-8472",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
},
{
"name": "CVE-2016-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
},
{
"name": "CVE-2016-1726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
},
{
"name": "CVE-2016-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2016-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206171"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206166"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206172"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206167"
}
]
}
CERTFR-2016-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | N/A | tvOS versions antérieures à 9.2 pour Apple TV (4ème génération) | ||
| Apple | N/A | OS X El Capitan 10.11.x versions antérieures à 10.11.4 | ||
| Apple | N/A | iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents | ||
| Apple | N/A | watchOS versions antérieures à 2.2 | ||
| Apple | N/A | OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures | ||
| Apple | N/A | Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures | ||
| Apple | N/A | OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | Safari | Safari versions antérieures à 9.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 9.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
},
{
"name": "CVE-2016-1781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
},
{
"name": "CVE-2016-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
},
{
"name": "CVE-2016-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
},
{
"name": "CVE-2016-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
},
{
"name": "CVE-2016-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
},
{
"name": "CVE-2016-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
},
{
"name": "CVE-2016-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
},
{
"name": "CVE-2016-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
},
{
"name": "CVE-2016-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
},
{
"name": "CVE-2016-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
},
{
"name": "CVE-2016-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
},
{
"name": "CVE-2016-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
},
{
"name": "CVE-2016-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-1727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2015-3184",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
},
{
"name": "CVE-2015-1819",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
},
{
"name": "CVE-2016-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
},
{
"name": "CVE-2016-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
},
{
"name": "CVE-2016-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
},
{
"name": "CVE-2016-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
},
{
"name": "CVE-2016-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
},
{
"name": "CVE-2015-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
},
{
"name": "CVE-2016-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
},
{
"name": "CVE-2016-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2016-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
},
{
"name": "CVE-2009-2197",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
},
{
"name": "CVE-2016-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
},
{
"name": "CVE-2016-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
},
{
"name": "CVE-2016-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
},
{
"name": "CVE-2016-1723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
},
{
"name": "CVE-2016-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
},
{
"name": "CVE-2016-1756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
},
{
"name": "CVE-2016-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
},
{
"name": "CVE-2016-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
},
{
"name": "CVE-2014-9495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
},
{
"name": "CVE-2015-8126",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
},
{
"name": "CVE-2016-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
},
{
"name": "CVE-2016-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2016-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
},
{
"name": "CVE-2016-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
},
{
"name": "CVE-2016-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
},
{
"name": "CVE-2016-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
},
{
"name": "CVE-2016-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
},
{
"name": "CVE-2016-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
},
{
"name": "CVE-2016-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-8659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
},
{
"name": "CVE-2016-1770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
},
{
"name": "CVE-2016-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
},
{
"name": "CVE-2016-1732",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
},
{
"name": "CVE-2016-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
},
{
"name": "CVE-2016-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
},
{
"name": "CVE-2016-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
},
{
"name": "CVE-2016-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
},
{
"name": "CVE-2016-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
},
{
"name": "CVE-2016-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
},
{
"name": "CVE-2015-5334",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
},
{
"name": "CVE-2016-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
},
{
"name": "CVE-2015-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
},
{
"name": "CVE-2016-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
},
{
"name": "CVE-2016-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
},
{
"name": "CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"name": "CVE-2016-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
},
{
"name": "CVE-2016-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
},
{
"name": "CVE-2016-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
},
{
"name": "CVE-2015-8472",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
},
{
"name": "CVE-2016-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
},
{
"name": "CVE-2016-1726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
},
{
"name": "CVE-2016-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2016-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206171"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206166"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206172"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206167"
}
]
}
CNVD-2016-01887
Vulnerability from cnvd - Published: 2016-03-28
VLAI Severity ?
Title
Apple OS X Server Server App信息泄露漏洞
Description
Apple OS X Server是Apple公司的一套基于Unix的服务器操作软件。Time Machine是其中的一个系统备份软件组件。
Apple OS X Server 5.1之前版本的Server App的Time Machine服务器中存在信息泄露漏洞。由于程序在备份时未通知用户存在忽略的权限,远程攻击者可利用该漏洞获取敏感信息。
Severity
中
Patch Name
Apple OS X Server Server App信息泄露漏洞的补丁
Patch Description
Apple OS X Server是Apple公司的一套基于Unix的服务器操作软件。Time Machine是其中的一个系统备份软件组件。
Apple OS X Server 5.1之前版本的Server App的Time Machine服务器中存在信息泄露漏洞。由于程序在备份时未通知用户存在忽略的权限,远程攻击者可利用该漏洞获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息:
https://support.apple.com/HT206173
Reference
https://support.apple.com/HT206173
Impacted products
| Name | Apple OS X Server <5.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-1774"
}
},
"description": "Apple OS X Server\u662fApple\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eUnix\u7684\u670d\u52a1\u5668\u64cd\u4f5c\u8f6f\u4ef6\u3002Time Machine\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u5907\u4efd\u8f6f\u4ef6\u7ec4\u4ef6\u3002\r\n\r\nApple OS X Server 5.1\u4e4b\u524d\u7248\u672c\u7684Server App\u7684Time Machine\u670d\u52a1\u5668\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u5728\u5907\u4efd\u65f6\u672a\u901a\u77e5\u7528\u6237\u5b58\u5728\u5ffd\u7565\u7684\u6743\u9650\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "CJKApps",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttps://support.apple.com/HT206173",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-01887",
"openTime": "2016-03-28",
"patchDescription": "Apple OS X Server\u662fApple\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eUnix\u7684\u670d\u52a1\u5668\u64cd\u4f5c\u8f6f\u4ef6\u3002Time Machine\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u5907\u4efd\u8f6f\u4ef6\u7ec4\u4ef6\u3002\r\n\r\nApple OS X Server 5.1\u4e4b\u524d\u7248\u672c\u7684Server App\u7684Time Machine\u670d\u52a1\u5668\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u5728\u5907\u4efd\u65f6\u672a\u901a\u77e5\u7528\u6237\u5b58\u5728\u5ffd\u7565\u7684\u6743\u9650\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple OS X Server Server App\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple OS X Server \u003c5.1"
},
"referenceLink": "https://support.apple.com/HT206173",
"serverity": "\u4e2d",
"submitTime": "2016-03-26",
"title": "Apple OS X Server Server App\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
GHSA-QHVF-JHRW-6J38
Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2022-05-17 03:21
VLAI?
Details
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
Severity ?
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2016-1774"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-03-24T01:59:00Z",
"severity": "MODERATE"
},
"details": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.",
"id": "GHSA-qhvf-jhrw-6j38",
"modified": "2022-05-17T03:21:05Z",
"published": "2022-05-17T03:21:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1774"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206173"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035342"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2016-1774
Vulnerability from fkie_nvd - Published: 2016-03-24 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B549527C-F0D8-49B7-846A-822381DBA317",
"versionEndIncluding": "5.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions."
},
{
"lang": "es",
"value": "El servidor Time Machine en Server App en Apple OS X Server en versiones anteriores a 5.1 no notifica al usuario sobre los permisos ignorados durante la realizaci\u00f3n de una copia de seguridad, lo que facilita a atacantes remotos obtener informaci\u00f3n sensible en circunstancias oportunistas leyendo los datos de la copia de seguridad que carecen de las restricciones previstas."
}
],
"id": "CVE-2016-1774",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-24T01:59:42.000",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206173"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2016-1774
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-1774",
"description": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.",
"id": "GSD-2016-1774"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1774"
],
"details": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.",
"id": "GSD-2016-1774",
"modified": "2023-12-13T01:21:24.014759Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035342",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"name": "https://support.apple.com/HT206173",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.15",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1774"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-03-21-7",
"refsource": "APPLE",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"name": "https://support.apple.com/HT206173",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206173"
},
{
"name": "1035342",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/85054"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2016-12-20T02:59Z",
"publishedDate": "2016-03-24T01:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…