CVE-2009-0153

medium

Description

International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

References

http://bugs.icu-project.org/trac/ticket/5691

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://secunia.com/advisories/35074

http://secunia.com/advisories/35379

http://secunia.com/advisories/35436

http://secunia.com/advisories/35498

http://secunia.com/advisories/35584

http://support.apple.com/kb/HT3549

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://www.redhat.com/support/errata/RHSA-2009-1122.html

http://www.securityfocus.com/bid/34926

http://www.securityfocus.com/bid/34974

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2009/1297

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1621

https://bugzilla.redhat.com/show_bug.cgi?id=503071

https://exchange.xforce.ibmcloud.com/vulnerabilities/50488

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11366

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00336.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00478.html

Details

Source: MITRE

Published: 2009-05-13

Updated: 2017-09-29

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (17 total)

ID | Name | Product | Family | Severity
67878 | Oracle Linux 5 : icu (ELSA-2009-1122) | Nessus | Oracle Linux Local Security Checks | medium
60603 | Scientific Linux Security Update : icu on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium
44754 | Debian DSA-1889-1 : icu - programming error | Nessus | Debian Local Security Checks | medium
43760 | CentOS 5 : icu (CESA-2009:1122) | Nessus | CentOS Local Security Checks | medium
42081 | Ubuntu 8.04 LTS / 8.10 / 9.04 : icu vulnerability (USN-846-1) | Nessus | Ubuntu Local Security Checks | medium
42005 | openSUSE 10 Security Update : icu (icu-6322) | Nessus | SuSE Local Security Checks | medium
41522 | SuSE 10 Security Update : icu (ZYPP Patch Number 6422) | Nessus | SuSE Local Security Checks | medium
41402 | SuSE 11 Security Update : icu (SAT Patch Number 1029) | Nessus | SuSE Local Security Checks | medium
40651 | openSUSE Security Update : icu (icu-1028) | Nessus | SuSE Local Security Checks | medium
40644 | openSUSE Security Update : icu (icu-1028) | Nessus | SuSE Local Security Checks | medium
39525 | RHEL 5 : icu (RHSA-2009:1122) | Nessus | Red Hat Local Security Checks | medium
39402 | Fedora 10 : icu-4.0-3.1.fc10 (2009-6273) | Nessus | Fedora Local Security Checks | medium
39400 | Fedora 9 : icu-3.8.1-9.fc9 (2009-6121) | Nessus | Fedora Local Security Checks | medium
39339 | Safari < 4.0 Multiple Vulnerabilities | Nessus | Windows | high
38744 | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical
5023 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical
800792 | Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high