CVE-2013-0966Apple MAC OS X vulnerability

3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.2%
top 52.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedMar 15
Latest updateMay 17

Description

The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

NVDapple/mac_os_x_server7 versions+6
NVDapple/mac_os_x10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-77x7-vcp7-crf2: The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 102022-05-17
CVEList
CVE-2013-0966: The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 102013-03-15
CVE-2013-0966 — Apple MAC OS X vulnerability | cvebase