CVE-2013-0966medium
Description
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
References
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
Details
Source: MITRE
Published: 2013-03-15
Updated: 2013-03-18
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM