CVE-2005-0234 - The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain

CVE-2005-0234

Summary

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

References

Vulnerable Configurations

cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

apple	APPLE-SA-2005-03-21
bid	12461
bugtraq	20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
fulldisc	20050206 state of homograph attacks
misc	http://www.shmoo.com/idn http://www.shmoo.com/idn/homograph.txt
xf	multiple-browsers-idn-spoof(19236)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32