|
|
|
 |
Vulnerability Note VU#140470Apple Mac OS X Server Admin fails to properly restrict users from using the proxy serviceOverviewThe Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service.I. DescriptionMac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the default configuration. If no external restrictions, such as firewalls, are in place, this may allow unintended remote use of the HTTP proxy service.II. ImpactUnauthenticated remote attackers may be able to use the HTTP proxy service running on the local machine. This may result in the attacker gaining the ability to access previously inaccessible network locations or to hide the true origin of their attack.III. SolutionApply An UpdateApple has addressed the issue in Security Update 2005-005.
References
Thanks to Apple Product Security for reporting this vulnerability. This document was written by Ken MacInnis.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader