Information disclosure in macOS Server - CVE-2016-4754
Published: September 21, 2016 / Updated: January 6, 2017
Vulnerability identifier: #VU594
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4754
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS Server
macOS Server
Detailed vulnerability description
The vulnerability allows a remote user to obtain potentially sensitive information on the target system.
The weakness is caused by using the obsolete RC4 algorithm for ServerDocs Server connections that leads to connection decryption.
Successful exploitation of the vulnerability may result in access to potentially sensitive data on the vulnerable system.
The weakness is caused by using the obsolete RC4 algorithm for ServerDocs Server connections that leads to connection decryption.
Successful exploitation of the vulnerability may result in access to potentially sensitive data on the vulnerable system.
How to mitigate CVE-2016-4754
Update to 5.2.