CVE-2011-0212XML External Entity (XXE) Injection in Apple MAC OS X Server

CWE-3993 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.6%
top 29.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple MAC OS X Server
Timeline
PublishedJun 24
Latest updateMay 17

Description

servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDapple/mac_os_x_server8 versions+7

Patches

Patch: lists.apple.comPatch: support.apple.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-938f-xc6w-fhh4: servermgrd in Apple Mac OS X before 102022-05-17
CVEList
CVE-2011-0212: servermgrd in Apple Mac OS X before 102011-06-24
CVE-2011-0212 — XML External Entity (XXE) Injection | cvebase