Vulnerability details: VCID-cebw-maw5-aaam
Vulnerability ID VCID-cebw-maw5-aaam
Aliases CVE-2009-0153
Summary International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1122
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0153.json
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2009-0153
epss 0.02083 https://api.first.org/data/v1/epss?cve=CVE-2009-0153
epss 0.04875 https://api.first.org/data/v1/epss?cve=CVE-2009-0153
epss 0.06394 https://api.first.org/data/v1/epss?cve=CVE-2009-0153
epss 0.12399 https://api.first.org/data/v1/epss?cve=CVE-2009-0153
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2009-0153
Reference id Reference type URL
http://bugs.icu-project.org/trac/ticket/5691
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0153.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0153
https://bugzilla.redhat.com/show_bug.cgi?id=503071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0153
http://secunia.com/advisories/35074
http://secunia.com/advisories/35379
http://secunia.com/advisories/35436
http://secunia.com/advisories/35498
http://secunia.com/advisories/35584
https://exchange.xforce.ibmcloud.com/vulnerabilities/50488
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11366
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00336.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00478.html
http://www.redhat.com/support/errata/RHSA-2009-1122.html
http://www.securityfocus.com/bid/34926
http://www.securityfocus.com/bid/34974
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
534590 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534590
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
CVE-2009-0153 https://nvd.nist.gov/vuln/detail/CVE-2009-0153
RHSA-2009:1122 https://access.redhat.com/errata/RHSA-2009:1122
USN-846-1 https://usn.ubuntu.com/846-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0153.json
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) changed
Confidentiality Impact (C) low
Integrity Impact (I) low
Availability Impact (A) none


Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0153
Exploitability (E) not given in the vector
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) none
Integrity Impact (I) partial
Availability Impact (A) none


Exploit Prediction Scoring System (EPSS)
Percentile 0.79490
EPSS Score 0.00632
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.