| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Apple Mac OS X 10.8. This issue affects some unknown processing of the component Wiki Server. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2013-1034. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.
Details
A vulnerability has been found in Apple Mac OS X 10.8 (Operating System) and classified as problematic. Affected by this vulnerability is an unknown code of the component Wiki Server. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
The weakness was shared 09/17/2013 by David Hoyt with Hoyt LLC Research as Security content of OS X Server v2.2.2 as confirmed advisory (Website). It is possible to read the advisory at support.apple.com. The vendor cooperated in the coordination of the public release. This vulnerability is known as CVE-2013-1034 since 01/10/2013. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details are unknown but a private exploit is available. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 69932 (Mac OS X : OS X Server < 2.2.2 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family MacOS X Local Security Checks.
Upgrading to version 2.2.2 eliminates this vulnerability. The upgrade is hosted for download at support.apple.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (87182), Tenable (69932), SecurityFocus (BID 58876†), OSVDB (97386†) and Secunia (SA54891†). Additional details are provided at support.apple.com. The entry VDB-8171 is related to this item. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.apple.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 5.7
VulDB Base Score: 6.3
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cross site scriptingCWE: CWE-79 / CWE-94 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Private
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 69932
Nessus Name: Mac OS X : OS X Server < 2.2.2 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Mac OS X 2.2.2
Timeline
01/10/2013 🔍04/04/2013 🔍
09/17/2013 🔍
09/17/2013 🔍
09/17/2013 🔍
09/17/2013 🔍
09/19/2013 🔍
09/20/2013 🔍
03/20/2014 🔍
05/25/2021 🔍
Sources
Vendor: apple.comAdvisory: Security content of OS X Server v2.2.2
Researcher: David Hoyt
Organization: Hoyt LLC Research
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-1034 (🔍)
GCVE (CVE): GCVE-0-2013-1034
GCVE (VulDB): GCVE-100-10399
X-Force: 87182
SecurityFocus: 58876 - PostgreSQL CVE-2013-1899 Denial of Service Vulnerability
Secunia: 54891 - Apple OS X Server Multiple Vulnerabilities, Moderately Critical
OSVDB: 97386
Vulnerability Center: 43704 - Apple Mac OS X Server before 2.2.2 Remote XSS in Wiki Server, Medium
scip Labs: https://www.scip.ch/en/?labs.20150108
Misc.: 🔍
See also: 🔍
Entry
Created: 09/20/2013 11:51Updated: 05/25/2021 17:24
Changes: 09/20/2013 11:51 (80), 05/23/2017 14:59 (2), 05/25/2021 17:24 (3)
Complete: 🔍
Committer:
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.