CVE-2008-1036

Loading...

General

Score:4.3/10.0
Severity:Low
Category:XSS Injection
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2005-3352, CVE-2005-3357, CVE-2006-3747, CVE-2007-0071, CVE-2007-1863, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5275, CVE-2007-6019, CVE-2007-6359, CVE-2007-6388, CVE-2007-6612, CVE-2008-0177, CVE-2008-1027, CVE-2008-1028, CVE-2008-1030, CVE-2008-1031, CVE-2008-1032, CVE-2008-1033, CVE-2008-1034, CVE-2008-1035, CVE-2008-1571, CVE-2008-1572, CVE-2008-1573, CVE-2008-1574, CVE-2008-1575, CVE-2008-1576, CVE-2008-1577, CVE-2008-1578, CVE-2008-1579, CVE-2008-1580, CVE-2008-1654, CVE-2008-1655

Published on 02/06/08 - Updated on 29/09/17

Description

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Category: XSS Injection

CWE-79 (Cross-Site Scripting (XSS))
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Security Notices

US National Vulnerability DatabaseCVE-2008-1036
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2008-AVI-278
Renater 2008/VULN189

Exploits

SecurityFocusBID-29412, BID-29488

Relative technologies

VendorProduct
applemac_os_x
applemac_os_x_server
redhatenterprise_linux

Share this vulnerability with:

Twitter Facebook LinkedIn Mail