Mac OS X : OS X Server < 2.2.1 Multiple Vulnerabilities
High Nessus Plugin ID 64476
SynopsisThe remote host is missing an update for OS X Server that fixes two security issues.
DescriptionThe remote Mac OS X 10.8 host has a version of OS X Server installed that is prior to 2.2.1. It is, therefore, affected by the following vulnerabilities :
- A type casting issue exists in Ruby on Rails due to improper handling of XML parameters. A remote attacker can exploit this issue to execute arbitrary code through either the Profile Manager or Wiki Server components.
- A type casting issue exists in Ruby on Rails due to improper handling of JSON data. A remote attacker can exploit this to execute arbitrary code through the Wiki Server component. (CVE-2013-0333)
SolutionUpgrade to Mac OS X Server v2.2.1 or later.