Lucene search

RedhatCVE-2005-0234

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0234

2005-05-0204:00:00

redhat

web.nvd.nist.gov

105

idn

safari

spoofing

domain names

phishing

security vulnerability

cve-2005-0234

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.016

Percentile

87.6%

JSON

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Affected configurations

Nvd

Node

applesafariMatch1.2.5

VendorProductVersionCPE
applesafari1.2.5cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	1.2.5	cpe:2.3:a:apple:safari:1.2.5:::::::*

References

lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html

marc.info/?l=bugtraq&m=110782704923280&w=2

www.securityfocus.com/bid/12461

www.shmoo.com/idn

www.shmoo.com/idn/homograph.txt

exchange.xforce.ibmcloud.com/vulnerabilities/19236

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.016

Percentile

87.6%

JSON

Related for CVE-2005-0234