// For flags

CVE-2009-0153

icu: XSS vulnerability due to improper invalid byte sequence handling

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

International Components para Unicode (ICU) en Apple Mac OS X v10.5 antes de v10.5.7 no maneja correctamente las secuencias de bytes no válidos durante la conversión a Unicode, lo cual podría permitir a atacantes remotos realizar ataques de secuencias de comandos en sitios cruzados (XSS).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-01-16 CVE Reserved
  • 2009-05-13 CVE Published
  • 2024-04-19 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (25)
URL Tag Source
http://bugs.icu-project.org/trac/ticket/5691 X_refsource_confirm
http://secunia.com/advisories/35074 Third Party Advisory
http://secunia.com/advisories/35379 Third Party Advisory
http://secunia.com/advisories/35436 Third Party Advisory
http://secunia.com/advisories/35498 Third Party Advisory
http://secunia.com/advisories/35584 Third Party Advisory
http://support.apple.com/kb/HT3613 X_refsource_confirm
http://support.apple.com/kb/HT3639 X_refsource_confirm
http://www.securityfocus.com/bid/34926 Vdb Entry
http://www.securityfocus.com/bid/34974 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory
http://www.vupen.com/english/advisories/2009/1297 Vdb Entry
http://www.vupen.com/english/advisories/2009/1522 Vdb Entry
http://www.vupen.com/english/advisories/2009/1621 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50488 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11366 Signature
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html 2017-09-29
http://support.apple.com/kb/HT3549 2017-09-29
URL Date SRC
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html 2017-09-29
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2009-1122.html 2017-09-29
https://bugzilla.redhat.com/show_bug.cgi?id=503071 2009-06-25
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00336.html 2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00478.html 2017-09-29
https://access.redhat.com/security/cve/CVE-2009-0153 2009-06-25
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 10.5.0
Search vendor "Apple" for product "Mac Os X" and version "10.5.0"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 10.5.1
Search vendor "Apple" for product "Mac Os X" and version "10.5.1"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 10.5.2
Search vendor "Apple" for product "Mac Os X" and version "10.5.2"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 10.5.3
Search vendor "Apple" for product "Mac Os X" and version "10.5.3"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 10.5.4
Search vendor "Apple" for product "Mac Os X" and version "10.5.4"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 10.5.5
Search vendor "Apple" for product "Mac Os X" and version "10.5.5"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 10.5.6
Search vendor "Apple" for product "Mac Os X" and version "10.5.6"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
 10.5.0
Search vendor "Apple" for product "Mac Os X Server" and version "10.5.0"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
 10.5.1
Search vendor "Apple" for product "Mac Os X Server" and version "10.5.1"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
 10.5.2
Search vendor "Apple" for product "Mac Os X Server" and version "10.5.2"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
 10.5.3
Search vendor "Apple" for product "Mac Os X Server" and version "10.5.3"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
 10.5.4
Search vendor "Apple" for product "Mac Os X Server" and version "10.5.4"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
 10.5.5
Search vendor "Apple" for product "Mac Os X Server" and version "10.5.5"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
 10.5.6
Search vendor "Apple" for product "Mac Os X Server" and version "10.5.6"
-
Affected