Lucene search

[email protected]CVE-2008-1999

HistoryApr 28, 2008 - 8:05 p.m.

CVE-2008-1999

2008-04-2820:05:00

[email protected]

web.nvd.nist.gov

apple

safari

spoofing

address bar

remote attackers

cve-2008-1999

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many “invisible” characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

Affected configurations

NVD

Node

applesafariMatch3.1.1

CPENameOperatorVersion
apple:safariapple safarieq3.1.1

CPE	Name	Operator	Version
apple:safari	apple safari	eq	3.1.1

References

es.geocities.com/jplopezy/pruebasafari3.html

secunia.com/advisories/29900

securityreason.com/securityalert/3833

www.securityfocus.com/archive/1/491192/100/0/threaded

www.vupen.com/english/advisories/2008/1347

exchange.xforce.ibmcloud.com/vulnerabilities/41981

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for CVE-2008-1999

cvelist1 nvd1 checkpoint_advisories1 prion1