The Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service.
Mac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the default configuration. If no external restrictions, such as firewalls, are in place, this may allow unintended remote use of the HTTP proxy service.
Unauthenticated remote attackers may be able to use the HTTP proxy service running on the local machine. This may result in the attacker gaining the ability to access previously inaccessible network locations or to hide the true origin of their attack.
Apply An Update
Apple has addressed the issue in Security Update 2005-005.
Thanks to Apple Product Security for reporting this vulnerability.
|Date First Published:||2005-05-09|
|Date Last Updated:||2005-07-06 18:02 UTC|