Details of VAR-201509-0049

ID

VAR-201509-0049

CVE

CVE-2015-5911

TITLE

Apple OS X Server of Wiki Server Twisted Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-004796

DESCRIPTION

Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. Attackers can exploit these issues to bypass security restrictions and perform other attacks. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Wiki Server is one of the web-based services that provides functions such as wikis, blogs, calendars, and contacts. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. These issues were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 BIND Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7. CVE-ID CVE-2014-8500 CVE-2015-1349 PostgreSQL Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL versions prior to 9.3.9. These issues were addressed by updating PostgreSQL to version 9.3.9. This issue was addressed by removing Twisted. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV+cTeAAoJEBcWfLTuOo7tAaoP/A6mRcB0zcLWjPVf4Aatmaha z8CXbm0hBfcGcVR4iqyVMVRCS9NEY4u3dyXIuHVA+zWM1qNb+kolm/1oIT4mwUlk C2mBlcu92FhGe0+5qsDYEOVHbQrhX+fWI4icG35Tke6IU2Rmdl1vyzZbk3TikOl7 WxHxcn7lcFZqUgqq2FM3I/P06yuC75NSNj85+7ZIySpRhwQQ3AVgWal8SEH/Gufv ScT4Oj0ejD9SlzkTBCkvOYpzN8jumkIqRbtKuAKZV0BIf50eyoUYmNYvBwwKoHa7 l2MgRzdtZu9qrdIJ26pkPYuPd39ChsLveBOjciMT85ZcfwJKWb2XvJ7YUVAy9SKv IXkuiePRMbxSc3o5Tv0CKt9hf06irAMhNw/sujwQfAIyCw0iWLtaEjPveBafbBZ5 bWoHUdLojK5ubaAjOGH/R1QfSB99IasxLo7DldKzLHuff5LAXqQLBXrVyce2C8ug GxJjJjVcD6KoBB2bZ6a/J9lBBft9CTISQIS3g7o8iYaRg0cpNE1yIa0IEWinpfPb eYA3mAxAVXeSZ2cB346DrEGVSJO3RCQb7IxSi6fu2/4FlAyoMzAK5unIaU02E8Y4 c4wKGN4cWSP9RdiJrwCQmzzYPv8ClaJF6ZinNo0wuYP00Te0JavQXaslFEvgkFa+ x7UDm7nSbhr2aPDxeJ3G =ou8d -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2015-5911 // JVNDB: JVNDB-2015-004796 // BID: 76775 // VULHUB: VHN-83872 // VULMON: CVE-2015-5911 // PACKETSTORM: 133619

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	lte	version:	5.0.2	Trust: 1.0
vendor:	apple	model:	macos server	scope:	lt	version:	5.0.3 (os x yosemite v10.10.5 or later )	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	5.0.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x4.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x4.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x4.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x3.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x5.0.3	Trust: 0.3

sources: BID: 76775 // JVNDB: JVNDB-2015-004796 // CNNVD: CNNVD-201509-364 // NVD: CVE-2015-5911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5911
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-5911
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201509-364
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-83872
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-5911
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-5911
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83872
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83872 // VULMON: CVE-2015-5911 // JVNDB: JVNDB-2015-004796 // CNNVD: CNNVD-201509-364 // NVD: CVE-2015-5911

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-5911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-364

TYPE

Unknown

Trust: 0.3

sources: BID: 76775

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004796

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-16-4 OS X Server 5.0.3	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html	Trust: 0.8
title:	HT205219	url:	https://support.apple.com/en-us/HT205219	Trust: 0.8
title:	HT205219	url:	http://support.apple.com/ja-jp/HT205219	Trust: 0.8
title:	Apple: OS X Server v5.0.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e856ca3528e3f20edc6e25428c85c101	Trust: 0.1

sources: VULMON: CVE-2015-5911 // JVNDB: JVNDB-2015-004796

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5911	Trust: 3.0
db:	SECTRACK	id:	1033595	Trust: 1.2
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004796	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-364	Trust: 0.7
db:	BID	id:	76775	Trust: 0.5
db:	VULHUB	id:	VHN-83872	Trust: 0.1
db:	VULMON	id:	CVE-2015-5911	Trust: 0.1
db:	PACKETSTORM	id:	133619	Trust: 0.1

sources: VULHUB: VHN-83872 // VULMON: CVE-2015-5911 // BID: 76775 // JVNDB: JVNDB-2015-004796 // PACKETSTORM: 133619 // CNNVD: CNNVD-201509-364 // NVD: CVE-2015-5911

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html	Trust: 1.8
url:	https://support.apple.com/ht205219	Trust: 1.8
url:	http://www.securitytracker.com/id/1033595	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5911	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5911	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-us/ht205219	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/76775	Trust: 0.1
url:	https://support.apple.com/kb/ht205219	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8109	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3185	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3583	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8161	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8500	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0253	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0242	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0241	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0243	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3183	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1349	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3581	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5911	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3166	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3165	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0067	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-5704	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3167	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0244	Trust: 0.1

sources: VULHUB: VHN-83872 // VULMON: CVE-2015-5911 // BID: 76775 // JVNDB: JVNDB-2015-004796 // PACKETSTORM: 133619 // CNNVD: CNNVD-201509-364 // NVD: CVE-2015-5911

CREDITS

Zachary Jones of WhiteHat Security Threat Research Center

Trust: 0.3

sources: BID: 76775

SOURCES

db:	VULHUB	id:	VHN-83872
db:	VULMON	id:	CVE-2015-5911
db:	BID	id:	76775
db:	JVNDB	id:	JVNDB-2015-004796
db:	PACKETSTORM	id:	133619
db:	CNNVD	id:	CNNVD-201509-364
db:	NVD	id:	CVE-2015-5911

LAST UPDATE DATE

2025-04-13T22:39:51.976000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83872	date:	2016-12-22T00:00:00
db:	VULMON	id:	CVE-2015-5911	date:	2016-12-22T00:00:00
db:	BID	id:	76775	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004796	date:	2015-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201509-364	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5911	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83872	date:	2015-09-18T00:00:00
db:	VULMON	id:	CVE-2015-5911	date:	2015-09-18T00:00:00
db:	BID	id:	76775	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004796	date:	2015-09-25T00:00:00
db:	PACKETSTORM	id:	133619	date:	2015-09-19T15:37:27
db:	CNNVD	id:	CNNVD-201509-364	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5911	date:	2015-09-18T12:00:54.290