CVE-2005-0234

Опубликовано: 02 мая 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Ссылки

http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
Exploit
Vendor Advisory
http://marc.info/?l=bugtraq&m=110782704923280&w=2
http://www.securityfocus.com/bid/12461
http://www.shmoo.com/idn
Exploit
http://www.shmoo.com/idn/homograph.txt
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
Exploit
Vendor Advisory
http://marc.info/?l=bugtraq&m=110782704923280&w=2
http://www.securityfocus.com/bid/12461
http://www.shmoo.com/idn
Exploit
http://www.shmoo.com/idn/homograph.txt
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00495

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fgff-c9rr-m5xx

github

почти 4 года назад