CVE-2008-1036

Published: Jun 2, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Affected (9)

Products: Apple: Mac Os X, Mac Os X Server · Redhat: Enterprise Linux

2 products

Mac Os X Server

1 product

Enterprise Linux

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.4.11
Apple Mac Os X	Version 10.5.1
Apple Mac Os X	Version 10.5.2
Apple Mac Os X	Version 10.5
Apple Mac Os X Server	Version 10.4.11
Apple Mac Os X Server	Version 10.5.1
Apple Mac Os X Server	Version 10.5.2
Apple Mac Os X Server	Version 10.5
Redhat Enterprise Linux	Version 5

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (30)

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/30430

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/34290

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/34777

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1020139

Source: cve@mitre.org

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1762

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-0296.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/29412

Source: cve@mitre.org

http://www.securityfocus.com/bid/29488

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-747-1

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA08-150A.html

Source: cve@mitre.org

PatchUS Government Resource

http://www.vupen.com/english/advisories/2008/1697

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/42717

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10824

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/30430

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/34290

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/34777

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1020139

Source: af854a3a-2127-422b-91ae-364da2661108

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1762

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-0296.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/29412

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/29488

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-747-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA08-150A.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchUS Government Resource

http://www.vupen.com/english/advisories/2008/1697

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/42717

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10824

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.