ID CVE-2005-0234
Summary The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
apple APPLE-SA-2005-03-21
bid 12461
bugtraq 20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
fulldisc 20050206 state of homograph attacks
misc
xf multiple-browsers-idn-spoof(19236)
Last major update 11-07-2017 - 01:32
Published 02-05-2005 - 04:00
Last modified 11-07-2017 - 01:32
Back to Top