Vulnerability Description
servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X Server | 10.6.0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlPatchVendor Advisory
- http://support.apple.com/kb/HT4723PatchVendor Advisory
- http://www.securityfocus.com/bid/48445
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlPatchVendor Advisory
- http://support.apple.com/kb/HT4723PatchVendor Advisory
- http://www.securityfocus.com/bid/48445
FAQ
What is CVE-2011-0212?
CVE-2011-0212 is a vulnerability with a CVSS score of 6.4 (MEDIUM). servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption...
How severe is CVE-2011-0212?
CVE-2011-0212 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0212?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X Server.