Lucene search

[email protected]CVE-2007-3742

HistoryAug 03, 2007 - 8:17 p.m.

CVE-2007-3742

2007-08-0320:17:00

CWE-59

CWE-16

[email protected]

web.nvd.nist.gov

cve-2007-3742

webkit

apple safari

idn

unicode fonts

phishing attacks

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing “look-alike characters” (homographs) and possibly perform phishing attacks.

CPENameOperatorVersion
apple:safariapple safarile3.0.2

CPE	Name	Operator	Version
apple:safari	apple safari	le	3.0.2

References

docs.info.apple.com/article.html?artnum=306173

docs.info.apple.com/article.html?artnum=306174

isc.sans.org/diary.html?storyid=3214

secunia.com/advisories/26287

www.securityfocus.com/bid/24636

www.securitytracker.com/id?1018488

www.vupen.com/english/advisories/2007/2730

www.vupen.com/english/advisories/2007/2731

exchange.xforce.ibmcloud.com/vulnerabilities/35716

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2007-3742

prion1 jvn1 seebug2 nessus1