Apple Web Server notifications, 2011

This article provides credit to people who have reported potential security issues in Apple's web servers.

Credits

2011-12-21 mfi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2011-12-19 gsxws2ut.apple.com

An information disclosure issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com and Julius Kivimäki for reporting this issue.

2011-12-13 acn-members.apple.com

A credential issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia for reporting this issue.

2011-12-12 canadaapp.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-12-07 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2011-12-06 me.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Jason Hullinger for reporting this issue.

2011-12-05 images.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-12-05 ax.search.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs for reporting this issue.

2011-11-17 rss.support.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-11-13 km.support.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-11-08 discussionsjapan.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Koki Nakayasu of Keio University for reporting this issue.

2011-11-01 wdg2.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-28 radarsubmissions.apple.com

An information disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2011-10-27 opensource.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2011-10-26 ade.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-25 edcommunity.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mike Bailey for reporting this issue.

2011-10-25 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research, Abubakr Soliman (@bakrianoo) from Sinai University, and Maheshkumar Darji (facebook.com/myths.tailor) for reporting this issue.

2011-10-25 expresslane.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-10-24 developer.apple.com

A mixed-content issue was addressed. We would like to acknowledge Glenn Tenney of Fantasia Systems Inc. for reporting this issue.

2011-10-21 evaluatemacs.apple.com

A full path disclosure issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2011-10-21 apple.com/tw/reseller

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2011-10-17 wsidecar.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-14 setup.apple.com

An incorrect URL localization issue was addressed. We would like to acknowledge Dirk Haun for reporting this issue.

2011-10-07 wsidecar.apple.com

An SQL injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-10-05 reseller.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-30 wsidecar.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-30 reportingitc.apple.com

An SSL configuration issue was addressed. We would like to acknowledge David Dunham of A Sharp, LLC, Ron Avitzur of Pacific Tech Software, and Attila Soki for reporting this issue.

2011-09-28 help.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matias P. Brutti, Sr. Security Consultant at IOActive, Inc. for reporting this issue.

2011-09-27 support.apple.com/repairstatus

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-09-27 evaluatemacs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-16 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-09-12 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-12 daw2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-08 storechat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge "some stupid nerd" for reporting this issue.

2011-09-07 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-09-02 apple.com

A server misconfiguration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2011-08-29 developer.apple.com/search

A cross-site scripting issue was addressed. We would like to acknowledge Rahat Mahbub from Maple Leaf International School, and Cim Stordal for reporting this issue.

2011-08-29 qtdevseed.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-25 backend.media.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-25 backend.media.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki of Cracow University of Technology, Poland for reporting this issue.

2011-08-24 canadaapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-22 apple.com/tellafriend

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-17 itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-15 backend.media.euro.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Damien Couturier for reporting this issue.

2011-08-11 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-10 dzc.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-10 buy.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-09 wsidecar.apple.com

A server configuration issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2011-08-05 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-08-01 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jobert Abma of Online24 for reporting this issue.

2011-07-29 daw.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-22 iforgot.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge d3v1l for reporting this issue.

2011-07-21 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge d3v1l, and Emanuele Gentili of Tiger Security S.r.l. (tigersecurity.it) for reporting this issue.

2011-07-20 documentation.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-19 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-18 consultants.apple.com/services.php

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-07-15 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma of the Doon Public School in New Delhi, India for reporting this issue.

2011-07-12 consultants-locator.apple.com

An iFrame issue and an SQL injection issue were addressed. We would like to acknowledge Idahc for reporting these issues.

2011-07-09 apple.com/retail

An SQL injection issue was addressed. We would like to acknowledge Ben Love for reporting this issue.

2011-07-06 developer.apple.com

An arbitrary redirect issue was addressed. We would like to acknowledge Michiel Prins of Online24 for reporting this issue.

2011-07-06 apple.com/search

An HTML injection issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2011-06-30 connect.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Gautam Kok of Webnuts.nl for reporting this issue.

2011-06-28 developer.apple.com

Arbitrary URL redirect and HTTP response splitting issues were addressed. We would like to acknowledge YGN Ethical Hacker Group (yehg.net) for reporting these issues.

2011-06-28 search.lists.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Drew Hintz of Google Security for reporting this issue.

2011-06-20 developer.apple.com

A path disclosure issue was addressed. We would like to acknowledge Graham Lee of Fuzzy Aliens for reporting this issue.

2011-06-02 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2011-05-21 iTunes Store and Mac App Store

A password validation issue was addressed in the handling of AOL accounts. We would like to acknowledge Joshua Long of security.thejoshmeister.com for reporting this issue.

2011-05-03 id.apple.com

A server configuration issue was addressed. We would like to acknowledge William LaFrance for reporting this issue.

2011-05-02 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Billy Rios of the Google Security Team for reporting this issue.

2011-04-17 ftp.apple.com

A cross-site request forgery issue was addressed. We would like to acknowledge Maksymilian Arciemowicz for reporting this issue.

2011-03-09 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 evaluatemacs.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 consultants-locator.apple.com

A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-03-09 evaluatemacs.apple.com

A path disclosure issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" Fernandez of Informatica64.com for reporting this issue.

2011-02-24 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Peter Ellehauge of Yahoo! paranoids for reporting this issue.

2011-02-16 acn-members.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

2011-02-16 consultants.apple.com

An error logging issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2011-01-11 latam.apple.com

A path disclosure issue was addressed. We would like to acknowledge Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

Web Server notifications by year

For information about Apple Web Server notifications from previous years, see this document:

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.
