VAR-201507-0438
Vulnerability from variot - Updated: 2023-12-18 11:39The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. Supplementary information : CWE Vulnerability types by CWE-284: Improper Access Control ( Improper access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlExpertly crafted by a third party URL Through HTTP Authentication may be bypassed. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.10.4. The vulnerability is caused by the program not enabling the mod_hfs_apple module
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0438",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.6"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.4"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
}
],
"sources": [
{
"db": "BID",
"id": "75493"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"db": "NVD",
"id": "CVE-2015-3675"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-036"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3675"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emil Kvarnhammar at TrueSec, Patrick Wardle of Synack, Dean Jerkovich of NCC Group, Apple, Chen Liang of KEEN Team, an anonymous researcher working with HP\u0027s Zero Day Initiative, Pawel Wylecial working with HP\u0027s Zero Day Initiative, John Villamil (@day6rea",
"sources": [
{
"db": "BID",
"id": "75493"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3675",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3675",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-81636",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3675",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-036",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81636",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-3675",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81636"
},
{
"db": "VULMON",
"id": "CVE-2015-3675"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"db": "NVD",
"id": "CVE-2015-3675"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-036"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. Supplementary information : CWE Vulnerability types by CWE-284: Improper Access Control ( Improper access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlExpertly crafted by a third party URL Through HTTP Authentication may be bypassed. Apple Mac OS X is prone to multiple security vulnerabilities. \nThe update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. \nAttackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. \nThese issues affect OS X prior to 10.10.4. The vulnerability is caused by the program not enabling the mod_hfs_apple module",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3675"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"db": "BID",
"id": "75493"
},
{
"db": "VULHUB",
"id": "VHN-81636"
},
{
"db": "VULMON",
"id": "CVE-2015-3675"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3675",
"trust": 2.9
},
{
"db": "BID",
"id": "75493",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1032760",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003374",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-036",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-81636",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3675",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81636"
},
{
"db": "VULMON",
"id": "CVE-2015-3675"
},
{
"db": "BID",
"id": "75493"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"db": "NVD",
"id": "CVE-2015-3675"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-036"
}
]
},
"id": "VAR-201507-0438",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81636"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:39:01.299000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"title": "HT204942",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht204942"
},
{
"title": "HT204942",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204942"
},
{
"title": "quicktime7.7.7_installer",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56517"
},
{
"title": "osxupd10.10.4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56516"
},
{
"title": "iPhone7,1_8.4_12H143_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56515"
},
{
"title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3675"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-036"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81636"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"db": "NVD",
"id": "CVE-2015-3675"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/75493"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032760"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3675"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3675"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-adminframework-cve-2015-3718"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81636"
},
{
"db": "VULMON",
"id": "CVE-2015-3675"
},
{
"db": "BID",
"id": "75493"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"db": "NVD",
"id": "CVE-2015-3675"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-036"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81636"
},
{
"db": "VULMON",
"id": "CVE-2015-3675"
},
{
"db": "BID",
"id": "75493"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"db": "NVD",
"id": "CVE-2015-3675"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-036"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-81636"
},
{
"date": "2015-07-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3675"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75493"
},
{
"date": "2015-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"date": "2015-07-03T01:59:32.073000",
"db": "NVD",
"id": "CVE-2015-3675"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-036"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "VULHUB",
"id": "VHN-81636"
},
{
"date": "2017-09-22T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3675"
},
{
"date": "2015-07-15T00:57:00",
"db": "BID",
"id": "75493"
},
{
"date": "2015-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003374"
},
{
"date": "2017-09-22T01:29:12.953000",
"db": "NVD",
"id": "CVE-2015-3675"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-036"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X Run on Apache HTTP Server In the default settings of HTTP Vulnerability bypassing authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003374"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "75493"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…