This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote host is missing an update for OS X Server that fixes several
The remote Mac OS X 10.8 host has a version of OS X Server installed
that is prior to 2.1.1. It is, therefore, affected by the following
- When the xml2 contrib module is enabled in PostgreSQL,
an unprivileged database user can read or write
arbitrary files, subject to the privileges under which
the PostgreSQL server runs, when processing specially-
crafted XSLT documents. (CVE-2012-3488)
- An unprivileged database user can read arbitrary files,
subject to the privileges under which the PostgreSQL
server runs, because 'xml_parse()' attempts to fetch
external files or URLs as needed to resolve DTD and
entity references in an XML value. (CVE-2012-3489)
- A malicious XMPP server can spoof domains via a Verify
Response or an Authorization Response because the Jabber
server processes unsolicited XMPP Server Dialback
Upgrade to Mac OS X Server version 2.1.1 or later.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.3
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 62801
Bugtraq ID: 55072, 55074, 55167
CVE ID: CVE-2012-3488, CVE-2012-3489, CVE-2012-3525