ID

VAR-201504-0101


CVE

CVE-2015-1150


TITLE

Vulnerability in the Firewall component of Apple OS X Server that allows bypassing network access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-002507

DESCRIPTION

The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. Supplementary information: the vulnerability type has been identified as CWE-17: Code (http://cwe.mitre.org/data/definitions/17.html). A third party may be able to circumvent network access restrictions by sending packets that custom rules were intended to block. Apple Mac OS X Server is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Firewall is one of the firewall components

Trust: 1.98

sources: NVD: CVE-2015-1150 // JVNDB: JVNDB-2015-002507 // BID: 74356 // VULHUB: VHN-79111

AFFECTED PRODUCTS

vendor: apple // model: os x server // scope: lte // version: 4.0

Trust: 1.0

vendor: apple // model: macos server // scope: lt // version: 4.1 (os x yosemite v10.10 or later)

Trust: 0.8

vendor: apple // model: os x server // scope: eq // version: 4.0

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x3.2.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x3.2.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x3.1.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x2.2.5

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x2.2.3

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x2.2.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x2.2.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x2.1.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x4.0

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x3.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x3.0

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x2.0

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.10.3

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.10.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.10.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.10

Trust: 0.3

vendor: apple // model: mac os server // scope: ne // version: x4.1

Trust: 0.3

sources: BID: 74356 // JVNDB: JVNDB-2015-002507 // CNNVD: CNNVD-201504-566 // NVD: CVE-2015-1150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1150
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-1150
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-566
value: MEDIUM

Trust: 0.6

VULHUB: VHN-79111
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1150
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-79111
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-79111 // JVNDB: JVNDB-2015-002507 // CNNVD: CNNVD-201504-566 // NVD: CVE-2015-1150

PROBLEMTYPE DATA

problemtype:CWE-17

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-79111 // JVNDB: JVNDB-2015-002507 // NVD: CVE-2015-1150

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-566

TYPE

Design Error

Trust: 0.3

sources: BID: 74356

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002507

PATCH

title: APPLE-SA-2015-04-24-1 OS X Server v4.1 // url: http://lists.apple.com/archives/security-announce/2015/Apr/msg00006.html

Trust: 0.8

title: HT204201 // url: http://support.apple.com/en-us/HT204201

Trust: 0.8

title: HT204201 // url: http://support.apple.com/ja-jp/HT204201

Trust: 0.8

title: Server41 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55364

Trust: 0.6

sources: JVNDB: JVNDB-2015-002507 // CNNVD: CNNVD-201504-566

EXTERNAL IDS

db: NVD // id: CVE-2015-1150

Trust: 2.8

db: SECTRACK // id: 1032197

Trust: 1.1

db: JVNDB // id: JVNDB-2015-002507

Trust: 0.8

db: CNNVD // id: CNNVD-201504-566

Trust: 0.7

db: SECUNIA // id: 63997

Trust: 0.6

db: BID // id: 74356

Trust: 0.4

db: VULHUB // id: VHN-79111

Trust: 0.1

sources: VULHUB: VHN-79111 // BID: 74356 // JVNDB: JVNDB-2015-002507 // CNNVD: CNNVD-201504-566 // NVD: CVE-2015-1150

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/apr/msg00006.html

Trust: 1.7

url:https://support.apple.com/ht204201

Trust: 1.7

url:http://www.securitytracker.com/id/1032197

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1150

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1150

Trust: 0.8

url:http://secunia.com/advisories/63997

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2015/apr/msg00006.html

Trust: 0.3

sources: VULHUB: VHN-79111 // BID: 74356 // JVNDB: JVNDB-2015-002507 // CNNVD: CNNVD-201504-566 // NVD: CVE-2015-1150

CREDITS

Phil Schumm of the Research Computing Group, University of Chicago

Trust: 0.3

sources: BID: 74356

SOURCES

db: VULHUB // id: VHN-79111
db: BID // id: 74356
db: JVNDB // id: JVNDB-2015-002507
db: CNNVD // id: CNNVD-201504-566
db: NVD // id: CVE-2015-1150

LAST UPDATE DATE

2025-04-13T23:27:33.431000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-79111 // date: 2016-04-01T00:00:00
db: BID // id: 74356 // date: 2015-04-24T00:00:00
db: JVNDB // id: JVNDB-2015-002507 // date: 2015-04-30T00:00:00
db: CNNVD // id: CNNVD-201504-566 // date: 2015-04-29T00:00:00
db: NVD // id: CVE-2015-1150 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-79111 // date: 2015-04-28T00:00:00
db: BID // id: 74356 // date: 2015-04-24T00:00:00
db: JVNDB // id: JVNDB-2015-002507 // date: 2015-04-30T00:00:00
db: CNNVD // id: CNNVD-201504-566 // date: 2015-04-29T00:00:00
db: NVD // id: CVE-2015-1150 // date: 2015-04-28T22:59:00.077