CVE-2005-0234

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html	Exploit Vendor Advisory
http://www.shmoo.com/idn	Exploit
http://www.shmoo.com/idn/homograph.txt	Vendor Advisory
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html	Vendor Advisory
http://www.securityfocus.com/bid/12461
http://marc.info/?l=bugtraq&m=110782704923280&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*

Information

Published : 2005-05-01 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-0234

Mitre link : CVE-2005-0234

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

apple

safari

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", "name": "20050206 state of homograph attacks", "tags": ["Exploit", "Vendor Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.shmoo.com/idn", "name": "http://www.shmoo.com/idn", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.shmoo.com/idn/homograph.txt", "name": "http://www.shmoo.com/idn/homograph.txt", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html", "name": "APPLE-SA-2005-03-21", "tags": ["Vendor Advisory"], "refsource": "APPLE"}, {"url": "http://www.securityfocus.com/bid/12461", "name": "12461", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=110782704923280&w=2", "name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", "name": "multiple-browsers-idn-spoof(19236)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0234", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-05-02T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}