ID

VAR-201605-0316


CVE

CVE-2016-1208


TITLE

FileMaker server issue where PHP source code may be viewable

Trust: 0.8

sources: JVNDB: JVNDB-2016-000063

DESCRIPTION

The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Atsushi Matsuo of Emic Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. PHP source code may be viewable. FileMaker server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks. FileMaker server versions prior to 14.0.4 are vulnerable. Apple FileMaker on OS X is a set of database software run on an operating system specially developed for Mac computers by Apple in the United States. A remote attacker could exploit this vulnerability to execute arbitrary code.

Trust: 1.98

sources: NVD: CVE-2016-1208 // JVNDB: JVNDB-2016-000063 // BID: 90633 // VULHUB: VHN-90027

AFFECTED PRODUCTS

vendor: filemaker // model: filemaker // scope: lte // version: 14.0.3

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: *

Trust: 1.0

vendor: filemaker // model: server // scope: eq // version: prior to 14.0.4 for macos x

Trust: 0.8

vendor: apple // model: mac os x // scope: - // version: -

Trust: 0.6

vendor: filemaker // model: server // scope: eq // version: 5.5

Trust: 0.3

vendor: filemaker // model: server // scope: eq // version: 5.0

Trust: 0.3

vendor: filemaker // model: server // scope: eq // version: 9.0

Trust: 0.3

vendor: filemaker // model: server // scope: eq // version: 8.0

Trust: 0.3

vendor: filemaker // model: server // scope: eq // version: 7.0

Trust: 0.3

sources: BID: 90633 // JVNDB: JVNDB-2016-000063 // CNNVD: CNNVD-201605-393 // NVD: CVE-2016-1208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1208
value: HIGH

Trust: 1.0

IPA: JVNDB-2016-000063
value: LOW

Trust: 0.8

CNNVD: CNNVD-201605-393
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90027
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1208
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000063
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-90027
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1208
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000063
baseSeverity: LOW
baseScore: 3.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-90027 // JVNDB: JVNDB-2016-000063 // CNNVD: CNNVD-201605-393 // NVD: CVE-2016-1208

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-20

Trust: 0.8

sources: VULHUB: VHN-90027 // JVNDB: JVNDB-2016-000063 // NVD: CVE-2016-1208

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-393

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201605-393

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000063

PATCH

title: Software Update: FileMaker Server 14.0.4 // url: http://help.filemaker.com/app/answers/detail/a_id/15364/~/software-update%3A-filemaker-server-14.0.4

Trust: 0.8

title: Apple FileMaker Fixes for arbitrary code execution vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61709

Trust: 0.6

sources: JVNDB: JVNDB-2016-000063 // CNNVD: CNNVD-201605-393

EXTERNAL IDS

db: JVN // id: JVN91638315

Trust: 2.8

db: NVD // id: CVE-2016-1208

Trust: 2.8

db: JVNDB // id: JVNDB-2016-000063

Trust: 2.5

db: CNNVD // id: CNNVD-201605-393

Trust: 0.6

db: BID // id: 90633

Trust: 0.3

db: VULHUB // id: VHN-90027

Trust: 0.1

sources: VULHUB: VHN-90027 // BID: 90633 // JVNDB: JVNDB-2016-000063 // CNNVD: CNNVD-201605-393 // NVD: CVE-2016-1208

REFERENCES

url:http://jvn.jp/en/jp/jvn91638315/index.html

Trust: 2.8

url:http://help.filemaker.com/app/answers/detail/a_id/15364

Trust: 1.7

url:http://jvndb.jvn.jp/jvndb/jvndb-2016-000063

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1208

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1208

Trust: 0.8

sources: VULHUB: VHN-90027 // BID: 90633 // JVNDB: JVNDB-2016-000063 // CNNVD: CNNVD-201605-393 // NVD: CVE-2016-1208

CREDITS

Atsushi Matsuo of Emic Corporation

Trust: 0.3

sources: BID: 90633

SOURCES

db: VULHUB // id: VHN-90027
db: BID // id: 90633
db: JVNDB // id: JVNDB-2016-000063
db: CNNVD // id: CNNVD-201605-393
db: NVD // id: CVE-2016-1208

LAST UPDATE DATE

2025-04-13T23:23:36.267000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-90027 // date: 2016-05-19T00:00:00
db: BID // id: 90633 // date: 2016-07-06T14:41:00
db: JVNDB // id: JVNDB-2016-000063 // date: 2016-06-02T00:00:00
db: CNNVD // id: CNNVD-201605-393 // date: 2016-05-16T00:00:00
db: NVD // id: CVE-2016-1208 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-90027 // date: 2016-05-14T00:00:00
db: BID // id: 90633 // date: 2016-05-13T00:00:00
db: JVNDB // id: JVNDB-2016-000063 // date: 2016-05-13T00:00:00
db: CNNVD // id: CNNVD-201605-393 // date: 2016-05-16T00:00:00
db: NVD // id: CVE-2016-1208 // date: 2016-05-14T15:59:01.457