CVE-2015-1151
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client.
Date published : 2015-04-28
http://lists.apple.com/archives/security-announce/2015/Apr/msg00006.html