CVE-2005-0237

high

Description

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671

https://exchange.xforce.ibmcloud.com/vulnerabilities/19236

http://www.shmoo.com/idn/homograph.txt

http://www.securityfocus.com/bid/12461

http://www.securityfocus.com/archive/1/427976/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2005-325.html

http://www.mandriva.com/security/advisories?name=MDKSA-2005:058

http://www.kde.org/info/security/advisory-20050316-2.txt

http://secunia.com/advisories/14162

http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High