CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector string | AV:N/AC:M/Au:N/C:P/I:P/A:P |

EPSS

Metric | Value |
---|---|
Percentile | 91.1% |

Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers
to spoof the address bar and possibly conduct phishing attacks via a long
hostname, which is truncated after a certain number of characters, as
demonstrated by a phishing attack using HTTP Basic Authentication.
Author | Note |
---|---|
jdstrand | CVE references Konqueror 3.5.5, but SecurityFocus references Opera. SecurityFocus says that other browsers may be affected, and there is test exploit code. Need to verify on Konqueror. |
kees | This may already be solved from CVE-2007-3820, CVE-2007-4224, and CVE-2007-4225. |