ID

VAR-201704-0716


CVE

CVE-2017-2382


TITLE

User account enumeration vulnerability in the Wiki Server component of Apple macOS Server

Trust: 0.8

sources: JVNDB: JVNDB-2017-002414

DESCRIPTION

An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspecified vectors. An attacker may leverage this issue to harvest valid usernames, which may aid in further attacks. Wiki Server is one of the web-based services that provides functions such as wikis, blogs, calendars, and contacts.

APPLE-SA-2017-03-27-7 macOS Server 5.3

macOS Server 5.3 is now available and addresses the following:

Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted request may cause a global cache to grow indefinitely, leading to a denial-of-service. This was addressed by not caching unknown MIME types.
CVE-2016-0751

Web Server
Available for: macOS 10.12.4 and later
Impact: A remote attacker may be able to cause a denial of service against the HTTP server via partial HTTP requests
Description: This issue was addressed by adding mod_reqtimeout.

CVE-2017-2382: Maris Kocins of SEMTEXX LTD

Installation note: macOS Server 5.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2017-2382 // JVNDB: JVNDB-2017-002414 // BID: 97128 // VULHUB: VHN-110585 // PACKETSTORM: 141935

AFFECTED PRODUCTS

vendor: apple, model: mac os server, scope: lte, version: 5.2

Trust: 1.0

vendor: apple, model: macos server, scope: lt, version: 5.3 (macos sierra 10.12.4 or later)

Trust: 0.8

vendor: apple, model: mac os server, scope: eq, version: 5.2

Trust: 0.6

vendor: apple, model: mac os server, scope: eq, version: x10.3.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.8

Trust: 0.3

vendor: apple, model: macos server, scope: ne, version: 5.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.7.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: os server, scope: eq, version: x10.10

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.9

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.1.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.2

Trust: 0.3

vendor: apple, model: macos server, scope: eq, version: 5.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.7.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.10

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.1.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.1.3

Trust: 0.3

vendor: apple, model: os server, scope: eq, version: x10.9

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.2

Trust: 0.3

vendor: apple, model: os server, scope: eq, version: x10.11

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.7.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.9

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.11

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.1.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.0

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.7.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.1.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.7.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.4.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.2.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.3

Trust: 0.3

sources: BID: 97128 // JVNDB: JVNDB-2017-002414 // CNNVD: CNNVD-201703-1253 // NVD: CVE-2017-2382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2382
value: HIGH

Trust: 1.0

NVD: CVE-2017-2382
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201703-1253
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110585
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2382
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110585
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2382
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110585 // JVNDB: JVNDB-2017-002414 // CNNVD: CNNVD-201703-1253 // NVD: CVE-2017-2382

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-110585 // JVNDB: JVNDB-2017-002414 // NVD: CVE-2017-2382

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1253

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-1253

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002414

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT207604, url: https://support.apple.com/en-us/HT207604

Trust: 0.8

title: HT207604, url: https://support.apple.com/ja-jp/HT207604

Trust: 0.8

title: Apple macOS Server Wiki Server Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74770

Trust: 0.6

sources: JVNDB: JVNDB-2017-002414 // CNNVD: CNNVD-201703-1253

EXTERNAL IDS

db: NVD, id: CVE-2017-2382

Trust: 2.9

db: BID, id: 97128

Trust: 2.0

db: SECTRACK, id: 1038144

Trust: 1.1

db: JVN, id: JVNVU90482935

Trust: 0.8

db: JVNDB, id: JVNDB-2017-002414

Trust: 0.8

db: CNNVD, id: CNNVD-201703-1253

Trust: 0.7

db: VULHUB, id: VHN-110585

Trust: 0.1

db: PACKETSTORM, id: 141935

Trust: 0.1

sources: VULHUB: VHN-110585 // BID: 97128 // JVNDB: JVNDB-2017-002414 // PACKETSTORM: 141935 // CNNVD: CNNVD-201703-1253 // NVD: CVE-2017-2382

REFERENCES

url:http://www.securityfocus.com/bid/97128

Trust: 1.7

url:https://support.apple.com/ht207604

Trust: 1.7

url:http://www.securitytracker.com/id/1038144

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2382

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2382

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90482935/index.html

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/in/macos/server/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-0751

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-6750

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

sources: VULHUB: VHN-110585 // BID: 97128 // JVNDB: JVNDB-2017-002414 // PACKETSTORM: 141935 // CNNVD: CNNVD-201703-1253 // NVD: CVE-2017-2382

CREDITS

Maris Kocins of SEMTEXX LTD

Trust: 0.9

sources: BID: 97128 // CNNVD: CNNVD-201703-1253

SOURCES

db: VULHUB, id: VHN-110585
db: BID, id: 97128
db: JVNDB, id: JVNDB-2017-002414
db: PACKETSTORM, id: 141935
db: CNNVD, id: CNNVD-201703-1253
db: NVD, id: CVE-2017-2382

LAST UPDATE DATE

2025-04-20T21:58:28.739000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-110585, date: 2017-07-12T00:00:00
db: BID, id: 97128, date: 2017-03-29T00:02:00
db: JVNDB, id: JVNDB-2017-002414, date: 2017-04-13T00:00:00
db: CNNVD, id: CNNVD-201703-1253, date: 2017-09-29T00:00:00
db: NVD, id: CVE-2017-2382, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-110585, date: 2017-04-02T00:00:00
db: BID, id: 97128, date: 2017-03-27T00:00:00
db: JVNDB, id: JVNDB-2017-002414, date: 2017-04-13T00:00:00
db: PACKETSTORM, id: 141935, date: 2017-03-27T23:33:33
db: CNNVD, id: CNNVD-201703-1253, date: 2017-03-27T00:00:00
db: NVD, id: CVE-2017-2382, date: 2017-04-02T01:59:00.417