Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2008-3637
HistorySep 26, 2008 - 4:21 p.m.

CVE-2008-3637

2008-09-2616:21:43
CWE-665
mitre
web.nvd.nist.gov
24
cve-2008-3637
hash-based message authentication code
hmac
java
apple
mac os x
remote code execution
crafted applet
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.025

Percentile

90.4%

JSON

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an β€œerror checking issue.”

Affected configurations

Nvd
Node
applemac_os_xMatch10.4.11
OR
applemac_os_xMatch10.5.4
OR
applemac_os_xMatch10.5.5
OR
applemac_os_x_serverMatch10.4.11
OR
applemac_os_x_serverMatch10.5.4
OR
applemac_os_x_serverMatch10.5.5
VendorProductVersionCPE
applemac_os_x10.4.11cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
applemac_os_x10.5.4cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
applemac_os_x10.5.5cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
applemac_os_x_server10.4.11cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
applemac_os_x_server10.5.4cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
applemac_os_x_server10.5.5cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*

Related

nvd 1
prion 1
cvelist 1
seebug 1
nessus 2
openvas 2
nvd
nvd
CVE-2008-3637
2008-09-26 16:21:43
prion
prion
Design/Logic Flaw
2008-09-26 16:21:00
cvelist
cvelist
CVE-2008-3637
2008-09-26 16:00:00
seebug
seebug
Apple Mac OS X Java Applet HMACδΎ›η»™ε™¨ε€„η†θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2008-09-27 00:00:00
nessus
nessus
Mac OS X : Java for Mac OS X 10.4 Release 7
2008-09-25 00:00:00
Mac OS X : Java for Mac OS X 10.5 Update 2
2008-09-25 00:00:00
openvas
openvas
Java for Mac OS X 10.5 Update 2
2010-05-28 00:00:00
Java for Mac OS X 10.5 Update 2
2010-05-28 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.025

Percentile

90.4%

JSON
Related for CVE-2008-3637
nvd1prion1cvelist1seebug1nessus2openvas2