cvelistv5 - cve-2013-5143

CVE-2013-5143 (GCVE-0-2013-5143)

Vulnerability from cvelistv5

Published

2013-10-24 10:00

Modified

2024-09-16 19:56

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2013-5143

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-5143

Aliases

CVE-2013-5143

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5143",
    "description": "The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate.",
    "id": "GSD-2013-5143"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5143"
      ],
      "details": "The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate.",
      "id": "GSD-2013-5143",
      "modified": "2023-12-13T01:22:21.690654Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2013-5143",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2013-10-22-5",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:os_x_server:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:os_x_server:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:os_x_server:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:os_x_server:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:os_x_server:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2013-5143"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2013-10-22-5",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-10-24T16:59Z",
      "publishedDate": "2013-10-24T10:53Z"
    }
  }
}

ghsa-vx62-2fm4-r5vw

Vulnerability from github

Published

2022-05-17 04:59

Modified

2022-05-17 04:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5143"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-10-24T10:53:00Z",
    "severity": "MODERATE"
  },
  "details": "The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate.",
  "id": "GHSA-vx62-2fm4-r5vw",
  "modified": "2022-05-17T04:59:29Z",
  "published": "2022-05-17T04:59:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5143"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. Apple Mac OS X Server is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to an affected application. Versions prior to Mac OS X Server 3.0 are vulnerable. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. The vulnerability is caused by the wrong use of the Fallback X.509 certificate on the server. An attacker can exploit this vulnerability to hijack RADIUS sessions by implementing a man-in-the-middle attack

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0498",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.1.1"
      },
      {
        "model": "os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "os x server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "model": "macos server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.0   (apple mac os x v10.9 or later )"
      },
      {
        "model": "os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2.0"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "63285"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5143"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Arek Dreyer of Dreyer Network Consultants",
    "sources": [
      {
        "db": "BID",
        "id": "63285"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-5143",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2013-5143",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-65145",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-5143",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5143",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201310-607",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65145",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5143"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. Apple Mac OS X Server is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to an affected application. \nVersions prior to Mac OS X Server 3.0 are vulnerable. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. The vulnerability is caused by the wrong use of the Fallback X.509 certificate on the server. An attacker can exploit this vulnerability to hijack RADIUS sessions by implementing a man-in-the-middle attack",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      },
      {
        "db": "BID",
        "id": "63285"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65145"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5143",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95174988",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-607",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2013-10-22-5",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "63285",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-65145",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65145"
      },
      {
        "db": "BID",
        "id": "63285"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5143"
      }
    ]
  },
  "id": "VAR-201310-0498",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65145"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:19:48.803000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2013-10-22-5",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
      },
      {
        "title": "HT5999",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5999"
      },
      {
        "title": "HT5999",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5999?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5143"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00006.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5143"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95174988/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5143"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65145"
      },
      {
        "db": "BID",
        "id": "63285"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5143"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-65145"
      },
      {
        "db": "BID",
        "id": "63285"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-607"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5143"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65145"
      },
      {
        "date": "2013-10-22T00:00:00",
        "db": "BID",
        "id": "63285"
      },
      {
        "date": "2013-10-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      },
      {
        "date": "2013-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-607"
      },
      {
        "date": "2013-10-24T10:53:09.740000",
        "db": "NVD",
        "id": "CVE-2013-5143"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65145"
      },
      {
        "date": "2013-10-22T00:00:00",
        "db": "BID",
        "id": "63285"
      },
      {
        "date": "2013-11-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      },
      {
        "date": "2013-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-607"
      },
      {
        "date": "2024-11-21T01:57:05.983000",
        "db": "NVD",
        "id": "CVE-2013-5143"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-607"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X Server of  Server App of  RADIUS In service  RADIUS Session hijacking vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004885"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "63285"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-607"
      }
    ],
    "trust": 0.9
  }
}

CERTA-2013-AVI-603

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple OS X Server. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Server v3.0

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

fkie_cve-2013-5143

Vulnerability from fkie_nvd

Published

2013-10-24 10:53

Modified

2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	os_x_server	*
apple	os_x_server	2.0
apple	os_x_server	2.1
apple	os_x_server	2.1.1
apple	os_x_server	2.2
apple	os_x_server	2.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22D7BFCC-77A8-4BCD-B824-D67E62546F7E",
              "versionEndIncluding": "2.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:os_x_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09166614-1225-4B0A-AC24-050E8E968A81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:os_x_server:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F879169-CFCE-4343-8F51-EF55DE4557B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:os_x_server:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5046CE5-A089-4D6F-A363-9A07BCD87630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:os_x_server:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B43AF62-55A4-441C-96FB-2FC91B8B6C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:os_x_server:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E441E1-15A8-4551-B333-B2F96C0F6398",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate."
    },
    {
      "lang": "es",
      "value": "El servicio RADIUS de Server App en Apple OS X Server anteriores a 3.0 selecciona un X.509 de reserva en circunstancias no especificadas, lo que prodr\u00eda permitir a atacantes man-in-the-middle secuestrar las sesiones RADIUS aprovechando el conocimiento de la clave privada de este certificado de reserva."
    }
  ],
  "id": "CVE-2013-5143",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-24T10:53:09.740",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-5143 (GCVE-0-2013-5143)

Vulnerability from cvelistv5

gsd-2013-5143

Vulnerability from gsd

ghsa-vx62-2fm4-r5vw

Vulnerability from github

var-201310-0498

Vulnerability from variot

CERTA-2013-AVI-603

Vulnerability from certfr_avis

Solution

fkie_cve-2013-5143

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature