CVE-2008-1036

Published: 02/06/2008 Updated: 29/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The International Components for Unicode (ICU) library in Apple Mac OS X prior to 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks.

Vulnerable Product

apple mac os x server 10.5

apple mac os x server 10.5.1

apple mac os x 10.5

apple mac os x 10.5.1

apple mac os x 10.5.2

apple mac os x server 10.4.11

apple mac os x 10.4.11

apple mac os x server 10.5.2

redhat enterprise linux 5

Vendor Advisories

Synopsis: Moderate: icu security update. Type/Severity: Security Advisory: Moderate. Topic: Updated icu packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description ...
Debian Bug report logs - #534590: does not properly handle invalid byte sequences during Unicode conversion. Package: icu; Maintainer for icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Kees Cook <kees@debian.org>; Date: Thu, 25 Jun 2009 15:42:01 UTC; Severity: normal; Tags: security; Found in version 3.8.1 ...
It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed ...
It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to cross-site scripting attacks. For the oldstable distribution (etch), this problem has been fixed in version 3.6-2etch2. For the stable distribution (lenny), this problem has been fixed in version 3.8.1-3+lenny1. For th ...