CVE-2005-0237
First published: Mon Feb 07 2005(Updated: )
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Konqueror | =3.2.1 | |
| KDE Kde Beta 3 | =3.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
- http://www.shmoo.com/idn
- http://www.shmoo.com/idn/homograph.txt
- http://www.kde.org/info/security/advisory-20050316-2.txt
- http://secunia.com/advisories/14162
- http://www.redhat.com/support/errata/RHSA-2005-325.html
- http://www.securityfocus.com/bid/12461
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671
- http://www.securityfocus.com/archive/1/427976/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-0237?
CVE-2005-0237 is considered a high severity vulnerability due to the potential for phishing attacks through domain name spoofing.
How do I fix CVE-2005-0237?
To fix CVE-2005-0237, upgrade to a patched version of Konqueror that addresses the issue with IDN support.
What software is affected by CVE-2005-0237?
CVE-2005-0237 affects Konqueror version 3.2.1 on KDE 3.2.1.
What type of attack does CVE-2005-0237 enable?
CVE-2005-0237 enables attackers to conduct phishing attacks by spoofing domain names using homograph characters.
Can CVE-2005-0237 impact SSL certificates?
Yes, CVE-2005-0237 can impact SSL certificates by allowing spoofed domain names in SSL contexts.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/kde
- canonical/konqueror
- version/konqueror/3.2.1
- canonical/kde kde beta 3
- version/kde kde beta 3/3.2.1