Apple Xcode < 5.0 (Mac OS X)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote host has an application installed that is prone to a
man-in-the-middle attack.

Description :

The remote Mac OS X host has a version of Apple Xcode prior to 5.0
installed. It therefore includes a version of git in which the
imap-send command reportedly does not verify that the server hostname
matches the domain name in the server's X.509 certificate. A
man-in-the-middle attacker could leverage this vulnerability to spoof
SSL servers via an arbitrary valid certificate.
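
The check described above as missing, shown as an added example (not code from git, Apple or Tenable): a simplified hostname match over certificate dictionaries in the layout Python's `ssl.SSLSocket.getpeercert()` returns. The function names, the sample certificates and the boolean `chain_valid` standing in for chain validation are assumptions made for this illustration.

```python
# Added illustration: chain validation alone versus chain validation plus
# the hostname check. All names and sample certificates are constructed.

def dns_name_matches(pattern, hostname):
    """Simplified match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative policy choice: a wildcard covers exactly one label
        # and must be followed by at least two fixed labels.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def names_in_cert(cert):
    """DNS subjectAltName entries; commonName only when no DNS SAN exists."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def hostname_ok(cert, hostname):
    return any(dns_name_matches(n, hostname) for n in names_in_cert(cert))

def accept_chain_only(cert, hostname, chain_valid):
    """The behaviour the advisory describes: the hostname is never consulted."""
    return chain_valid

def accept_with_hostname(cert, hostname, chain_valid):
    """Hardened form: a trusted chain AND a name that matches the server."""
    return chain_valid and hostname_ok(cert, hostname)

# Constructed certificates (hypothetical names).
CERT_MAIL = {
    "subject": ((("commonName", "imap.example.org"),),),
    "subjectAltName": (("DNS", "imap.example.org"),
                       ("DNS", "*.mail.example.org")),
}
CERT_OTHER = {"subject": ((("commonName", "www.unrelated.test"),),)}

if __name__ == "__main__":
    for cert in (CERT_MAIL, CERT_OTHER):
        print(names_in_cert(cert),
              accept_chain_only(cert, "imap.example.org", True),
              accept_with_hostname(cert, "imap.example.org", True))
```
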

Solution :

Upgrade to Apple Xcode version 5.0 or later, available for OS X
Mountain Lion 10.8.4 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 70093

Bugtraq ID: 58148

CVE ID: CVE-2013-0308