CVE-2008-1999
First published: Mon Apr 28 2008(Updated: )
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Safari | =3.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-1999?
CVE-2008-1999 is considered a moderate severity vulnerability due to its potential to allow address bar spoofing.
How do I fix CVE-2008-1999?
To mitigate CVE-2008-1999, users should upgrade to a newer version of Apple Safari that has patched this vulnerability.
Which versions of Apple Safari are affected by CVE-2008-1999?
CVE-2008-1999 specifically affects Apple Safari version 3.1.1.
What type of attack does CVE-2008-1999 exploit?
CVE-2008-1999 exploits URL manipulation to spoof the address bar, leading users to believe they are visiting a legitimate site.
Is CVE-2008-1999 a widely exploited vulnerability?
As of the latest reports, CVE-2008-1999 has not been widely exploited in the wild, but it poses a risk due to its nature.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/safari
- version/safari/3.1.1