CVE-2008-3637

EPSS 12.48%
Published 26.09.2008 16:21:43
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ macOS X Version10.4.11

Apple ≫ macOS X Version10.5.4

Apple ≫ macOS X Version10.5.5

Apple ≫ macOS X Server Version10.4.11

Apple ≫ macOS X Server Version10.5.4

Apple ≫ macOS X Server Version10.5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.48%	0.933

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

Mailing List

http://secunia.com/advisories/32018

Vendor Advisory

Broken Link

http://support.apple.com/kb/HT3178

Vendor Advisory

http://support.apple.com/kb/HT3179

Vendor Advisory

http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html

Mailing List

http://www.securityfocus.com/bid/31379