CVE-2005-0237
First published: Mon Feb 07 2005(Updated: )
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE Konqueror | =3.2.1 | |
| KDE KDE | =3.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
- http://www.shmoo.com/idn
- http://www.shmoo.com/idn/homograph.txt
- http://www.kde.org/info/security/advisory-20050316-2.txt
- http://secunia.com/advisories/14162
- http://www.redhat.com/support/errata/RHSA-2005-325.html
- http://www.securityfocus.com/bid/12461
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671
- http://www.securityfocus.com/archive/1/427976/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/kde
- canonical/kde konqueror
- version/kde konqueror/3.2.1
- canonical/kde kde
- version/kde kde/3.2.1