The host is installed with Apple Mac OS X or Server 10.10.x through 10.10.4 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to handle a text file containing an XML external entity declaration in conjunction with an entity reference. Successful exploitation allows remote attackers to read arbitrary files.