RedhatCVE-2005-0237CVE-2005-0237
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
84.1%
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Affected configurations
References
lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
secunia.com/advisories/14162
www.kde.org/info/security/advisory-20050316-2.txt
www.mandriva.com/security/advisories?name=MDKSA-2005:058
www.redhat.com/support/errata/RHSA-2005-325.html
www.securityfocus.com/archive/1/427976/100/0/threaded
www.securityfocus.com/bid/12461
www.shmoo.com/idn
www.shmoo.com/idn/homograph.txt
exchange.xforce.ibmcloud.com/vulnerabilities/19236
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
84.1%