[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1036Date: (C)2008-06-02   (M)2023-12-22


The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1020139
BID-29412
BID-29488
SECUNIA-30430
SECUNIA-34290
SECUNIA-34777
ADV-2008-1697
APPLE-SA-2008-05-28
DSA-1762
RHSA-2009:0296
TA08-150A
USN-747-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064
macosx-icu-security-bypass(42717)
oval:org.mitre.oval:def:10824

CPE    9
cpe:/o:apple:mac_os_x:10.5
cpe:/o:redhat:enterprise_linux:5
cpe:/o:apple:mac_os_x_server:10.4.11
cpe:/o:apple:mac_os_x_server:10.5
...
CWE    1
CWE-79
OVAL    4
oval:org.secpod.oval:def:700396
oval:org.mitre.oval:def:8408
oval:org.secpod.oval:def:500607
oval:org.secpod.oval:def:600401
...

© SecPod Technologies