Mac OS X : OS X Server < 3.0 Multiple Vulnerabilities

high Nessus Plugin ID 70590


The remote host is missing a security update for OS X Server.


The remote Mac OS X host has a version of OS X Server installed that is prior to 3.0. It is, therefore, affected by the following vulnerabilities :

- A denial of service vulnerability exists in the included JSON Ruby Gem, which can be abused to exhaust all available memory resources. (CVE-2013-0269)

- Multiple cross-site scripting vulnerabilities exist in the included Ruby on Rails software. (CVE-2013-1854 / CVE-2013-1855 / CVE-2013-1856 / CVE-2013-1857)

- A buffer overflow exists in the included FreeRADIUS software that can be triggered when parsing the 'not after' timestamp in a client certificate when using TLS-based EAP methods. (CVE-2012-3547)

- A logic issue exists whereby the RADIUS service could choose an incorrect certificate from a list of configured certificates.


Upgrade to Mac OS X Server version 3.0 or later.

See Also

Plugin Details

Severity: High

ID: 70590

File Name: macosx_server_3_0.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 10/24/2013

Updated: 7/14/2018

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apple:mac_os_x_server

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Server/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/23/2013

Vulnerability Publication Date: 9/10/2012

Reference Information

CVE: CVE-2012-3547, CVE-2013-0269, CVE-2013-1854, CVE-2013-1855, CVE-2013-1856, CVE-2013-1857, CVE-2013-5143

BID: 55483, 57899, 58549, 58552, 58554, 58555, 63285

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990

APPLE-SA: APPLE-SA-2013-10-22-5