{"vuid":"VU#140470","idnumber":"140470","name":"Apple Mac OS X Server Admin fails to properly restrict users from using the proxy service","keywords":["Apple","Mac OS X Server Admin","HTTP"],"overview":"The Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service.","clean_desc":"Mac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the default configuration. If no external restrictions, such as firewalls, are in place, this may allow unintended remote use of the HTTP proxy service.","impact":"Unauthenticated remote attackers may be able to use the HTTP proxy service running on the local machine. This may result in the attacker gaining the ability to access previously inaccessible network locations or to hide the true origin of their attack.","resolution":"Apply An Update Apple has addressed the issue in Security Update 2005-005.","workarounds":"As a workaround, other access restrictions such as firewalls may be used to restrict access to the HTTP proxy service.","sysaffected":"","thanks":"Thanks to Apple Product Security for reporting this vulnerability.","author":"This document was written by Ken MacInnis.","public":["http://docs.info.apple.com/article.html?artnum=301528","http://secunia.com/advisories/15227/"],"cveids":["CVE-2005-1340"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-05-04T17:06:25Z","publicdate":"2005-05-03T00:00:00Z","datefirstpublished":"2005-05-09T16:42:33Z","dateupdated":"2005-07-06T18:02:09Z","revision":4,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"9","cam_population":"15","cam_impact":"4","cam_easeofexploitation":"15","cam_attackeraccessrequired":"17","cam_scorecurrent":"6.885","cam_scorecurrentwidelyknown":"8.319375","cam_scorecurrentwidelyknownexploited":"14.056875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.885,"vulnote":null}