Shawn Pullum

**Name of the Vulnerable Software and Affected Versions** Apple OS X Server versions prior to 5.1 **Description** The issue is related to the Web Server component in Apple OS X Server, which does not properly restrict access to .DS Store and .htaccess files. This allows remote attackers to obtain sensitive configuration information via an HTTP request. The vulnerability can be exploited by sending an HTTP request to access these files, potentially revealing confidential configuration details. **Recommendations** For Apple OS X Server versions prior to 5.1, update to version 5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the .DS Store and .htaccess files to minimize the risk of exploitation.