This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote host is missing a security update for OS X Server.
The remote Mac OS X host has a version of OS X Server that is older
than 3.0. As such, it is reportedly affected by the following
- A denial of service vulnerability exists in the
included JSON Ruby Gem, which could be abused to use
all available memory. (CVE-2013-0269)
- Multiple cross-site scripting vulnerabilities exist in
the included Ruby on Rails software. (CVE-2013-1854 /
CVE-2013-1855 / CVE-2013-1856 / CVE-2013-1857)
- A buffer overflow exists in the included FreeRADIUS
software that can be triggered when parsing the 'not
after' timestamp in a client certificate when using
TLS-based EAP methods. (CVE-2012-3547)
- A logic issue exists whereby the RADIUS service could
choose an incorrect certificate from a list of
See also :
Upgrade to Mac OS X Server v3.0 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 70590 ()
Bugtraq ID: 55483578995854958552585545855563285
CVE ID: CVE-2012-3547CVE-2013-0269CVE-2013-1854CVE-2013-1855CVE-2013-1856CVE-2013-1857CVE-2013-5143
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.