Apple Web Server notifications
Summary
This article provides credit to people who have reported potential security issues in Apple's web servers.
Products Affected
Mac OS X Server, Security
Credits
6-9-2008 iTunes Store
An open redirector in the iTunes Store was addressed. We would like to acknowledge Nenad Stojanovski for reporting this issue.
5-16-2008 developer.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Mike Zusman of Intrepidus Group for reporting this issue.
4-28-2008 searchcgi.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.
3-31-2008 apple.com
A cross-site scripting issue was addressed. We would like to acknowledge David Bloom for reporting this issue.
2007-10-26 iforgot.apple.com/
A cross-site scripting issue was addressed. We would like to acknowledge Waqas Nazir of DigitSEC for reporting the issue.
2007-10-05 support.apple.com/techtooldeluxe/
A cross-site scripting issue was addressed. We would like to acknowledge Kenichi Maehashi of Hosei University for reporting the issue.
2007-09-26 education.apple.com
A cross-site scripting issue was addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting the issue.
2007-09-26 edcommunity.apple.com
Two individual cross-site scripting issues were addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.
2007-07-16 Apple Store Locator
An SQL injection issue was corrected in the Apple Store Locator. No customer data is stored on or is handled by the affected database. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting this issue.
2007-05-17 jobs.apple.com
A cross-site scripting issue was corrected on jobs.apple.com. We would like to acknowledge Dinis Cruz of Ounce Labs for reporting this issue.
2007-04-30 Apple website
Apple corrected a cross-site scripting issue on searchcgi.apple.com. We would like to acknowledge Nitesh Dhanjani for reporting this issue.
2005-12-14 Developer Connection Website
Apple corrected an issue on the connect.apple.com website that could have caused an email address to be disclosed. We would like to acknowledge Hernan Ochoa for reporting this issue.
2005-10-11 Apple Websites
Apple has recently corrected two issues related to PHP on the ali.apple.com and education.apple.com websites. No customer data is stored on or is handled by either of these systems. We would like to acknowledge Johannes Fahrenkrug (jfahrenkrug[at]gmail[dot]com) for reporting these issues.