CVE-2015-7031
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.
Date published : 2015-10-23
http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html