Apple Xcode Tools WebObjects plug-in unauthorized access
xcode-webobjects-unauth-access (26634)
Description:
Apple Xcode Tools could allow a remote attacker to gain unauthorized access to WebObjects projects. The issue applies if the WebObjects plug-in is installed, and the access is possible while Xcode is running. This could allow the attacker to obtain sensitive information or possibly modify project properties.
Consequences:
Bypass Security
Remedy:
Upgrade to the latest version of Apple Xcode Tools (2.3 or later), available from the Apple Web site. See References.
References:
- Apple Product Security Mailing List, Tue, 23 May 2006 14:53:38 -0700: APPLE-SA-2006-05-23 Xcode Tools 2.3.
- Apple Web site: Tools - Downloads.
- BID-18091: Apple Xcode Tools WebObjects Unauthorized Remote Access Vulnerability
- CVE-2006-1466: Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service.
- OSVDB ID: 25889: Mac OS X Xcode Tools WebObjects Plugin Project Manipulation
- SA20267: Apple Xcode WebObjects Plugin Access Control Vulnerability
- SECTRACK ID: 1016143: Apple Xcode Tools Grants Remote Access to WebObjects Projects
- VUPEN/ADV-2006-1950: Apple Xcode Tools WebObjects Plugin Remote Unauthorized Access Vulnerability
Platforms Affected:
- Apple Xcode 2.2
Reported:
May 23, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
