cvelistv5 - cve-2016-4694

CVE-2016-4694 (GCVE-0-2016-4694)

Vulnerability from cvelistv5 – Published: 2016-09-25 10:00 – Updated: 2024-08-06 00:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://www.securityfocus.com/bid/93060	vdb-entryx_refsource_BID
	https://support.apple.com/HT207171	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securitytracker.com/id/1036853	vdb-entryx_refsource_SECTRACK
	https://support.apple.com/HT207170	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:39:26.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93060",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93060"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207171"
          },
          {
            "name": "APPLE-SA-2016-09-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
          },
          {
            "name": "1036853",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036853"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207170"
          },
          {
            "name": "APPLE-SA-2016-09-20-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "93060",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93060"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207171"
        },
        {
          "name": "APPLE-SA-2016-09-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
        },
        {
          "name": "1036853",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036853"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207170"
        },
        {
          "name": "APPLE-SA-2016-09-20-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4694",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93060",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93060"
            },
            {
              "name": "https://support.apple.com/HT207171",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207171"
            },
            {
              "name": "APPLE-SA-2016-09-20",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
            },
            {
              "name": "1036853",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036853"
            },
            {
              "name": "https://support.apple.com/HT207170",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207170"
            },
            {
              "name": "APPLE-SA-2016-09-20-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-4694",
    "datePublished": "2016-09-25T10:00:00",
    "dateReserved": "2016-05-11T00:00:00",
    "dateUpdated": "2024-08-06T00:39:26.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.11.6\", \"matchCriteriaId\": \"FEEAF544-405E-4A75-9206-5CC4EDCE2F05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1\", \"matchCriteriaId\": \"172EFA7C-8DFB-4CB8-8B54-048A51438C79\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \\\"httpoxy\\\" issue, a related issue to CVE-2016-5387.\"}, {\"lang\": \"es\", \"value\": \"El Apache HTTP Server en Apple OS X en versiones anteriores a 10.12 y OS X Server en versiones anteriores a 5.2 sigue a la secci\\u00f3n 4.1.18 del RFC 3875 y por lo tanto no protege aplicaciones de la presencia de datos de cliente CGI no confiables en el entorno variable HTTP_PROXY, lo que podr\\u00eda permitir a atacantes remotos redireccionar el tr\\u00e1fico HTTP fuera de rango de una aplicaci\\u00f3n a un servidor proxy arbitrario a trav\\u00e9s de una cabecera Proxy manipulada en una petici\\u00f3n HTTP, problema tambi\\u00e9n conocido como \\\"httpoxy\\\", un problema relacionado con CVE-2016-5387.\"}]",
      "id": "CVE-2016-4694",
      "lastModified": "2024-11-21T02:52:46.940",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-09-25T10:59:03.450",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93060\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036853\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT207170\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207171\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93060\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036853\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT207170\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-4694\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2016-09-25T10:59:03.450\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \\\"httpoxy\\\" issue, a related issue to CVE-2016-5387.\"},{\"lang\":\"es\",\"value\":\"El Apache HTTP Server en Apple OS X en versiones anteriores a 10.12 y OS X Server en versiones anteriores a 5.2 sigue a la secci\u00f3n 4.1.18 del RFC 3875 y por lo tanto no protege aplicaciones de la presencia de datos de cliente CGI no confiables en el entorno variable HTTP_PROXY, lo que podr\u00eda permitir a atacantes remotos redireccionar el tr\u00e1fico HTTP fuera de rango de una aplicaci\u00f3n a un servidor proxy arbitrario a trav\u00e9s de una cabecera Proxy manipulada en una petici\u00f3n HTTP, problema tambi\u00e9n conocido como \\\"httpoxy\\\", un problema relacionado con CVE-2016-5387.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.11.6\",\"matchCriteriaId\":\"FEEAF544-405E-4A75-9206-5CC4EDCE2F05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1\",\"matchCriteriaId\":\"172EFA7C-8DFB-4CB8-8B54-048A51438C79\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93060\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1036853\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT207170\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207171\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT207170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2016-08341

Vulnerability from cnvd - Published: 2016-09-30

Title

Apple OS X和OS X Server Apache HTTP Server重定向漏洞

Description

Apple OS X和OS X Server都是美国苹果（Apple）公司的产品。Apple OS X是为Mac计算机所开发的一套专用操作系统；OS X Server是一套基于Unix的服务器操作软件。Apache HTTP Server是美国阿帕奇（Apache）软件基金会的一款用在Apple OS X中的开源网页服务器。 Apple OS X 10.12之前的版本和OS X Server 5.2之前的版本中的Apache HTTP Server中存在重定向漏洞，远程攻击者可借助HTTP请求中特制的Proxy header消息，利用该漏洞重定向应用程序的HTTP数据流到任意代理服务器。

Severity

高

Patch Name

Apple OS X和OS X Server Apache HTTP Server重定向漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.apple.com/HT207170

Reference

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93060

Impacted products

Name
['Apple OS X <10.12', 'Apple OS X Server <5.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93060"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4694"
    }
  },
  "description": "Apple OS X\u548cOS X Server\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple OS X\u662f\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\uff1bOS X Server\u662f\u4e00\u5957\u57fa\u4e8eUnix\u7684\u670d\u52a1\u5668\u64cd\u4f5c\u8f6f\u4ef6\u3002Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u7528\u5728Apple OS X\u4e2d\u7684\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\r\n\r\nApple OS X 10.12\u4e4b\u524d\u7684\u7248\u672c\u548cOS X Server 5.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Apache HTTP Server\u4e2d\u5b58\u5728\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9HTTP\u8bf7\u6c42\u4e2d\u7279\u5236\u7684Proxy header\u6d88\u606f\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u5b9a\u5411\u5e94\u7528\u7a0b\u5e8f\u7684HTTP\u6570\u636e\u6d41\u5230\u4efb\u610f\u4ee3\u7406\u670d\u52a1\u5668\u3002",
  "discovererName": "Dominic Scheirlinck and Scott Geary of Vend",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/HT207170",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-08341",
  "openTime": "2016-09-30",
  "patchDescription": "Apple OS X\u548cOS X Server\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple OS X\u662f\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\uff1bOS X Server\u662f\u4e00\u5957\u57fa\u4e8eUnix\u7684\u670d\u52a1\u5668\u64cd\u4f5c\u8f6f\u4ef6\u3002Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u7528\u5728Apple OS X\u4e2d\u7684\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\r\n\r\nApple OS X 10.12\u4e4b\u524d\u7684\u7248\u672c\u548cOS X Server 5.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Apache HTTP Server\u4e2d\u5b58\u5728\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9HTTP\u8bf7\u6c42\u4e2d\u7279\u5236\u7684Proxy header\u6d88\u606f\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u5b9a\u5411\u5e94\u7528\u7a0b\u5e8f\u7684HTTP\u6570\u636e\u6d41\u5230\u4efb\u610f\u4ee3\u7406\u670d\u52a1\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple OS X\u548cOS X Server Apache HTTP Server\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple OS X \u003c10.12",
      "Apple OS X Server  \u003c5.2"
    ]
  },
  "referenceLink": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html\r\nhttp://www.securityfocus.com/bid/93060",
  "serverity": "\u9ad8",
  "submitTime": "2016-09-28",
  "title": "Apple OS X\u548cOS X Server Apache HTTP Server\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

VAR-201609-0260

Vulnerability from variot - Updated: 2023-12-18 11:29

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. This vulnerability "httpoxy" Is called a problem. This vulnerability CVE-2016-5387 And related issues. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple Mac OS X and Mac OS X Server are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. This issue was addressed by not setting the HTTP_PROXY environment variable from CGI. CVE-2016-4694 : Dominic Scheirlinck and Scott Geary of Vend

ServerDocs Server Available for: macOS 10.12 Sierra Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: RC4 was removed as a supported cipher. CVE-2016-4754 : Pepi Zawodsky

macOS Server 5.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJX4YD4AAoJEIOj74w0bLRGbWQP+gOZSLCIIprhLJ6wLJp1Hbb+ gxS09PZJSp32xDnmyMdzcKUFsQ8UfO9iSZBs7Yge8nAjQLxKt/dlopXZPIg4t4GY qSx1wOZ3yj+74LBnhEG/KVeibl8JH9MJEnhWMB9cwMbnQnROc72F418R+Ic8QPXg 4t4tgKWYWR+vS2Gx+FOvIat68siUjsU8G9jvs3wqKbTzuicDEFCDoK9MYQRdcV6Z fluIN4qFb3z0tJihq9WrZlkiARPe5cf8or1aynDpPNSxmMnJV+wv5xnbqx7kPOcE cuqhmy3SUn40jbIFPzuXmnypn1MDS9RxU6T2w/o3EU71h+w5ImLE86MlTEQPVmJJ fapPvjPSqe6iNA7o4sXZ9dfodZtfP9v6fxuoUqfoYRRTIoYECYk2MzhEUfxe64VE f17H0suurHhXuBDF5Q3k6yO5zoijwq7A3sGv9Kgq6lPuBgKWYqJY14t7YVx81Myi yUbAfXqErypxvCgrX2/AO/ItEPK5DlDK555DbWjd01Jnfy2ckae7W6lBulfYgMNG SP6j1KdgM+aH4Av2JxgBxPXoBnUzGZYnEbc4iy/17GzQruAmU0q59wm4XhzC/84W 5m9Ti+tDODPGqJpYFytB11z9X8Jtj9zK0F4T/+QHQO/BJbWLZzbYWrd3jslOIb1W iGD5h8KmNhjoS3LLutKE =HbXq -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0260",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "apple",
        "version": "10.11.6"
      },
      {
        "model": "os x server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.6"
      },
      {
        "model": "macos server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.2   (macos sierra 10.12)"
      },
      {
        "model": "os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x5.0.15"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x5.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x4.1.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x3.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x3.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x3.1.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x4.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x3.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "macos server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.2"
      },
      {
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4694"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dominic Scheirlinck and Scott Geary of Vend",
    "sources": [
      {
        "db": "BID",
        "id": "93060"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-4694",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4694",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-93513",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4694",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4694",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-488",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-93513",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-4694",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387. This vulnerability \"httpoxy\" Is called a problem. This vulnerability CVE-2016-5387 And related issues. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple Mac OS X and Mac OS X Server are prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. This issue was addressed by not setting the\nHTTP_PROXY environment variable from CGI. \nCVE-2016-4694 : Dominic Scheirlinck and Scott Geary of Vend\n\nServerDocs Server\nAvailable for:  macOS 10.12 Sierra\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: RC4 was removed as a supported cipher. \nCVE-2016-4754 : Pepi Zawodsky\n\nmacOS Server 5.2 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJX4YD4AAoJEIOj74w0bLRGbWQP+gOZSLCIIprhLJ6wLJp1Hbb+\ngxS09PZJSp32xDnmyMdzcKUFsQ8UfO9iSZBs7Yge8nAjQLxKt/dlopXZPIg4t4GY\nqSx1wOZ3yj+74LBnhEG/KVeibl8JH9MJEnhWMB9cwMbnQnROc72F418R+Ic8QPXg\n4t4tgKWYWR+vS2Gx+FOvIat68siUjsU8G9jvs3wqKbTzuicDEFCDoK9MYQRdcV6Z\nfluIN4qFb3z0tJihq9WrZlkiARPe5cf8or1aynDpPNSxmMnJV+wv5xnbqx7kPOcE\ncuqhmy3SUn40jbIFPzuXmnypn1MDS9RxU6T2w/o3EU71h+w5ImLE86MlTEQPVmJJ\nfapPvjPSqe6iNA7o4sXZ9dfodZtfP9v6fxuoUqfoYRRTIoYECYk2MzhEUfxe64VE\nf17H0suurHhXuBDF5Q3k6yO5zoijwq7A3sGv9Kgq6lPuBgKWYqJY14t7YVx81Myi\nyUbAfXqErypxvCgrX2/AO/ItEPK5DlDK555DbWjd01Jnfy2ckae7W6lBulfYgMNG\nSP6j1KdgM+aH4Av2JxgBxPXoBnUzGZYnEbc4iy/17GzQruAmU0q59wm4XhzC/84W\n5m9Ti+tDODPGqJpYFytB11z9X8Jtj9zK0F4T/+QHQO/BJbWLZzbYWrd3jslOIb1W\niGD5h8KmNhjoS3LLutKE\n=HbXq\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "db": "BID",
        "id": "93060"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4694"
      },
      {
        "db": "PACKETSTORM",
        "id": "138794"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-93513",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93513"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4694",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "93060",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1036853",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU90950877",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "138794",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-93513",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4694",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4694"
      },
      {
        "db": "BID",
        "id": "93060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "db": "PACKETSTORM",
        "id": "138794"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ]
  },
  "id": "VAR-201609-0260",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93513"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:29:50.848000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2016-09-20 macOS Sierra 10.12",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html"
      },
      {
        "title": "APPLE-SA-2016-09-20-4 macOS Server 5.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00009.html"
      },
      {
        "title": "HT207171",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207171"
      },
      {
        "title": "HT207170",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207170"
      },
      {
        "title": "HT207170",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207170"
      },
      {
        "title": "HT207171",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207171"
      },
      {
        "title": "Apple OS X  and OS X Server Apache HTTP Server Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64354"
      },
      {
        "title": "Apple: macOS Server 5.2",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e43da3314b76935ab942480a3937fdb9"
      },
      {
        "title": "Apple: macOS Sierra 10.12",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=56fe8957a503c1b7b6f00fbd6d759042"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/apple-squashes-68-security-bugs-with-sierra-release/120738/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-4694"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93513"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4694"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/93060"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00009.html"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207170"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207171"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1036853"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4694"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90950877/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4694"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/server/macosx/"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00006.html"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00009.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/284.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-apache-cve-2016-4694"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht207171"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/apple-squashes-68-security-bugs-with-sierra-release/120738/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48972"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4754"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4694"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4694"
      },
      {
        "db": "BID",
        "id": "93060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "db": "PACKETSTORM",
        "id": "138794"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-93513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4694"
      },
      {
        "db": "BID",
        "id": "93060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "db": "PACKETSTORM",
        "id": "138794"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4694"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93513"
      },
      {
        "date": "2016-09-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4694"
      },
      {
        "date": "2016-09-20T00:00:00",
        "db": "BID",
        "id": "93060"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "date": "2016-09-20T15:04:44",
        "db": "PACKETSTORM",
        "id": "138794"
      },
      {
        "date": "2016-09-25T10:59:03.450000",
        "db": "NVD",
        "id": "CVE-2016-4694"
      },
      {
        "date": "2016-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93513"
      },
      {
        "date": "2017-07-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4694"
      },
      {
        "date": "2016-09-20T00:00:00",
        "db": "BID",
        "id": "93060"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      },
      {
        "date": "2017-07-30T01:29:04.240000",
        "db": "NVD",
        "id": "CVE-2016-4694"
      },
      {
        "date": "2016-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X and  OS X Server of  Apache HTTP Server Application outbound  HTTP Vulnerability that redirects traffic to an arbitrary proxy server",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004955"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-488"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-4694

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-4694

Aliases

CVE-2016-4694

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4694",
    "description": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387.",
    "id": "GSD-2016-4694"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4694"
      ],
      "details": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387.",
      "id": "GSD-2016-4694",
      "modified": "2023-12-13T01:21:18.373839Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-4694",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "93060",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93060"
          },
          {
            "name": "https://support.apple.com/HT207171",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207171"
          },
          {
            "name": "APPLE-SA-2016-09-20",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
          },
          {
            "name": "1036853",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036853"
          },
          {
            "name": "https://support.apple.com/HT207170",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207170"
          },
          {
            "name": "APPLE-SA-2016-09-20-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4694"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT207170",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207170"
            },
            {
              "name": "APPLE-SA-2016-09-20-4",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"
            },
            {
              "name": "https://support.apple.com/HT207171",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207171"
            },
            {
              "name": "APPLE-SA-2016-09-20",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
            },
            {
              "name": "93060",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93060"
            },
            {
              "name": "1036853",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036853"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2017-07-30T01:29Z",
      "publishedDate": "2016-09-25T10:59Z"
    }
  }
}

CERTFR-2016-AVI-316

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iCloud pour Windows versions antérieures à 6.0
Apple	macOS	macOS Sierra versions antérieures à 10.12
Apple	macOS	macOS Server versions antérieures à 5.2
Apple	Safari	Safari versions antérieures à 10

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207171 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207157 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207147 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207170 du 20 septembre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Server versions ant\u00e9rieures \u00e0 5.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 10",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4698"
    },
    {
      "name": "CVE-2016-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4707"
    },
    {
      "name": "CVE-2016-4769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4769"
    },
    {
      "name": "CVE-2016-4739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4739"
    },
    {
      "name": "CVE-2016-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4766"
    },
    {
      "name": "CVE-2016-4728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4728"
    },
    {
      "name": "CVE-2016-4725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4725"
    },
    {
      "name": "CVE-2016-4618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4618"
    },
    {
      "name": "CVE-2016-4736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4736"
    },
    {
      "name": "CVE-2016-4753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4753"
    },
    {
      "name": "CVE-2016-4726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4726"
    },
    {
      "name": "CVE-2016-4710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4710"
    },
    {
      "name": "CVE-2016-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4767"
    },
    {
      "name": "CVE-2016-4748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4748"
    },
    {
      "name": "CVE-2016-5768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5768"
    },
    {
      "name": "CVE-2016-4731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4731"
    },
    {
      "name": "CVE-2016-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
    },
    {
      "name": "CVE-2016-4751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4751"
    },
    {
      "name": "CVE-2016-4724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4724"
    },
    {
      "name": "CVE-2016-4777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4777"
    },
    {
      "name": "CVE-2016-4730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4730"
    },
    {
      "name": "CVE-2016-4735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4735"
    },
    {
      "name": "CVE-2016-4702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4702"
    },
    {
      "name": "CVE-2016-6290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6290"
    },
    {
      "name": "CVE-2016-4745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4745"
    },
    {
      "name": "CVE-2016-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4755"
    },
    {
      "name": "CVE-2016-6296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6296"
    },
    {
      "name": "CVE-2016-4779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4779"
    },
    {
      "name": "CVE-2016-6295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6295"
    },
    {
      "name": "CVE-2016-4711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4711"
    },
    {
      "name": "CVE-2016-4774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4774"
    },
    {
      "name": "CVE-2016-4762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4762"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4768"
    },
    {
      "name": "CVE-2016-4758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4758"
    },
    {
      "name": "CVE-2016-4723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4723"
    },
    {
      "name": "CVE-2016-6174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6174"
    },
    {
      "name": "CVE-2016-6291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6291"
    },
    {
      "name": "CVE-2016-4712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4712"
    },
    {
      "name": "CVE-2016-6292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6292"
    },
    {
      "name": "CVE-2016-4696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4696"
    },
    {
      "name": "CVE-2016-4773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4773"
    },
    {
      "name": "CVE-2016-4771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4771"
    },
    {
      "name": "CVE-2016-4700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4700"
    },
    {
      "name": "CVE-2016-4760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4760"
    },
    {
      "name": "CVE-2016-4729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4729"
    },
    {
      "name": "CVE-2016-4727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4727"
    },
    {
      "name": "CVE-2016-4699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4699"
    },
    {
      "name": "CVE-2016-4778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4778"
    },
    {
      "name": "CVE-2016-4759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4759"
    },
    {
      "name": "CVE-2016-6289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6289"
    },
    {
      "name": "CVE-2016-4708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4708"
    },
    {
      "name": "CVE-2016-4713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4713"
    },
    {
      "name": "CVE-2016-4754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4754"
    },
    {
      "name": "CVE-2016-4722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4722"
    },
    {
      "name": "CVE-2016-4716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4716"
    },
    {
      "name": "CVE-2016-4611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4611"
    },
    {
      "name": "CVE-2016-6288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6288"
    },
    {
      "name": "CVE-2016-5771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5771"
    },
    {
      "name": "CVE-2016-4718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4718"
    },
    {
      "name": "CVE-2016-4772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4772"
    },
    {
      "name": "CVE-2016-4701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4701"
    },
    {
      "name": "CVE-2016-4697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4697"
    },
    {
      "name": "CVE-2016-4715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4715"
    },
    {
      "name": "CVE-2016-6294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6294"
    },
    {
      "name": "CVE-2016-5773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5773"
    },
    {
      "name": "CVE-2016-4717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4717"
    },
    {
      "name": "CVE-2016-5772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5772"
    },
    {
      "name": "CVE-2016-4742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4742"
    },
    {
      "name": "CVE-2016-6297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6297"
    },
    {
      "name": "CVE-2016-4737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4737"
    },
    {
      "name": "CVE-2016-4775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4775"
    },
    {
      "name": "CVE-2016-4694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4694"
    },
    {
      "name": "CVE-2016-4733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4733"
    },
    {
      "name": "CVE-2016-4706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4706"
    },
    {
      "name": "CVE-2016-5770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5770"
    },
    {
      "name": "CVE-2016-4709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4709"
    },
    {
      "name": "CVE-2016-4763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4763"
    },
    {
      "name": "CVE-2016-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4752"
    },
    {
      "name": "CVE-2016-4750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4750"
    },
    {
      "name": "CVE-2016-4734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4734"
    },
    {
      "name": "CVE-2016-4776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4776"
    },
    {
      "name": "CVE-2016-5769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5769"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2016-4765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4765"
    },
    {
      "name": "CVE-2016-0755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0755"
    },
    {
      "name": "CVE-2016-4703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4703"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-316",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207171 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207171"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207157 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207147 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207147"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207170 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207170"
    }
  ]
}

CERTFR-2016-AVI-316

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iCloud pour Windows versions antérieures à 6.0
Apple	macOS	macOS Sierra versions antérieures à 10.12
Apple	macOS	macOS Server versions antérieures à 5.2
Apple	Safari	Safari versions antérieures à 10

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207171 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207157 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207147 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207170 du 20 septembre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Server versions ant\u00e9rieures \u00e0 5.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 10",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4698"
    },
    {
      "name": "CVE-2016-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4707"
    },
    {
      "name": "CVE-2016-4769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4769"
    },
    {
      "name": "CVE-2016-4739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4739"
    },
    {
      "name": "CVE-2016-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4766"
    },
    {
      "name": "CVE-2016-4728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4728"
    },
    {
      "name": "CVE-2016-4725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4725"
    },
    {
      "name": "CVE-2016-4618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4618"
    },
    {
      "name": "CVE-2016-4736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4736"
    },
    {
      "name": "CVE-2016-4753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4753"
    },
    {
      "name": "CVE-2016-4726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4726"
    },
    {
      "name": "CVE-2016-4710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4710"
    },
    {
      "name": "CVE-2016-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4767"
    },
    {
      "name": "CVE-2016-4748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4748"
    },
    {
      "name": "CVE-2016-5768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5768"
    },
    {
      "name": "CVE-2016-4731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4731"
    },
    {
      "name": "CVE-2016-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
    },
    {
      "name": "CVE-2016-4751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4751"
    },
    {
      "name": "CVE-2016-4724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4724"
    },
    {
      "name": "CVE-2016-4777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4777"
    },
    {
      "name": "CVE-2016-4730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4730"
    },
    {
      "name": "CVE-2016-4735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4735"
    },
    {
      "name": "CVE-2016-4702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4702"
    },
    {
      "name": "CVE-2016-6290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6290"
    },
    {
      "name": "CVE-2016-4745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4745"
    },
    {
      "name": "CVE-2016-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4755"
    },
    {
      "name": "CVE-2016-6296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6296"
    },
    {
      "name": "CVE-2016-4779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4779"
    },
    {
      "name": "CVE-2016-6295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6295"
    },
    {
      "name": "CVE-2016-4711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4711"
    },
    {
      "name": "CVE-2016-4774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4774"
    },
    {
      "name": "CVE-2016-4762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4762"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4768"
    },
    {
      "name": "CVE-2016-4758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4758"
    },
    {
      "name": "CVE-2016-4723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4723"
    },
    {
      "name": "CVE-2016-6174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6174"
    },
    {
      "name": "CVE-2016-6291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6291"
    },
    {
      "name": "CVE-2016-4712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4712"
    },
    {
      "name": "CVE-2016-6292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6292"
    },
    {
      "name": "CVE-2016-4696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4696"
    },
    {
      "name": "CVE-2016-4773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4773"
    },
    {
      "name": "CVE-2016-4771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4771"
    },
    {
      "name": "CVE-2016-4700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4700"
    },
    {
      "name": "CVE-2016-4760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4760"
    },
    {
      "name": "CVE-2016-4729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4729"
    },
    {
      "name": "CVE-2016-4727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4727"
    },
    {
      "name": "CVE-2016-4699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4699"
    },
    {
      "name": "CVE-2016-4778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4778"
    },
    {
      "name": "CVE-2016-4759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4759"
    },
    {
      "name": "CVE-2016-6289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6289"
    },
    {
      "name": "CVE-2016-4708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4708"
    },
    {
      "name": "CVE-2016-4713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4713"
    },
    {
      "name": "CVE-2016-4754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4754"
    },
    {
      "name": "CVE-2016-4722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4722"
    },
    {
      "name": "CVE-2016-4716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4716"
    },
    {
      "name": "CVE-2016-4611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4611"
    },
    {
      "name": "CVE-2016-6288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6288"
    },
    {
      "name": "CVE-2016-5771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5771"
    },
    {
      "name": "CVE-2016-4718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4718"
    },
    {
      "name": "CVE-2016-4772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4772"
    },
    {
      "name": "CVE-2016-4701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4701"
    },
    {
      "name": "CVE-2016-4697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4697"
    },
    {
      "name": "CVE-2016-4715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4715"
    },
    {
      "name": "CVE-2016-6294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6294"
    },
    {
      "name": "CVE-2016-5773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5773"
    },
    {
      "name": "CVE-2016-4717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4717"
    },
    {
      "name": "CVE-2016-5772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5772"
    },
    {
      "name": "CVE-2016-4742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4742"
    },
    {
      "name": "CVE-2016-6297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6297"
    },
    {
      "name": "CVE-2016-4737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4737"
    },
    {
      "name": "CVE-2016-4775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4775"
    },
    {
      "name": "CVE-2016-4694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4694"
    },
    {
      "name": "CVE-2016-4733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4733"
    },
    {
      "name": "CVE-2016-4706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4706"
    },
    {
      "name": "CVE-2016-5770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5770"
    },
    {
      "name": "CVE-2016-4709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4709"
    },
    {
      "name": "CVE-2016-4763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4763"
    },
    {
      "name": "CVE-2016-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4752"
    },
    {
      "name": "CVE-2016-4750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4750"
    },
    {
      "name": "CVE-2016-4734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4734"
    },
    {
      "name": "CVE-2016-4776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4776"
    },
    {
      "name": "CVE-2016-5769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5769"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2016-4765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4765"
    },
    {
      "name": "CVE-2016-0755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0755"
    },
    {
      "name": "CVE-2016-4703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4703"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-316",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207171 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207171"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207157 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207147 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207147"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207170 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207170"
    }
  ]
}

FKIE_CVE-2016-4694

Vulnerability from fkie_nvd - Published: 2016-09-25 10:59 - Updated: 2025-04-12 10:46

Severity ?

9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html	Mailing List, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/93060
product-security@apple.com	http://www.securitytracker.com/id/1036853
product-security@apple.com	https://support.apple.com/HT207170	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207171	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93060
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036853
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207170	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207171	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*
	apple	os_x_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEEAF544-405E-4A75-9206-5CC4EDCE2F05",
              "versionEndIncluding": "10.11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "172EFA7C-8DFB-4CB8-8B54-048A51438C79",
              "versionEndIncluding": "5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387."
    },
    {
      "lang": "es",
      "value": "El Apache HTTP Server en Apple OS X en versiones anteriores a 10.12 y OS X Server en versiones anteriores a 5.2 sigue a la secci\u00f3n 4.1.18 del RFC 3875 y por lo tanto no protege aplicaciones de la presencia de datos de cliente CGI no confiables en el entorno variable HTTP_PROXY, lo que podr\u00eda permitir a atacantes remotos redireccionar el tr\u00e1fico HTTP fuera de rango de una aplicaci\u00f3n a un servidor proxy arbitrario a trav\u00e9s de una cabecera Proxy manipulada en una petici\u00f3n HTTP, problema tambi\u00e9n conocido como \"httpoxy\", un problema relacionado con CVE-2016-5387."
    }
  ],
  "id": "CVE-2016-4694",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-25T10:59:03.450",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/93060"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1036853"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207170"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207171"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-R72M-C53Q-265M

Vulnerability from github – Published: 2022-05-17 02:22 – Updated: 2022-05-17 02:22

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-25T10:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue, a related issue to CVE-2016-5387.",
  "id": "GHSA-r72m-c53q-265m",
  "modified": "2022-05-17T02:22:16Z",
  "published": "2022-05-17T02:22:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4694"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207170"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207171"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93060"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036853"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4694 (GCVE-0-2016-4694)

CNVD-2016-08341

VAR-201609-0260

GSD-2016-4694

CERTFR-2016-AVI-316

Solution

CERTFR-2016-AVI-316

Solution

FKIE_CVE-2016-4694

GHSA-R72M-C53Q-265M

Tags

Sightings

Nomenclature