Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-0237 | First vendor Publication | 2005-05-02 |
| Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0237 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10671 | |||
| Oval ID: | oval:org.mitre.oval:def:10671 | ||
| Title: | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | ||
| Description: | The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-0237 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Os | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for kdelibs3 File : nvt/sles9p5012454.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 61027 | KDE Konqueror International Domain Name (IDN) Punycode Encoded Domain Name Sp... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-245.nasl - Type : ACT_GATHER_INFO |
| 2005-04-12 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_022.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-325.nasl - Type : ACT_GATHER_INFO |
| 2005-03-17 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-058.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:22:16 |
|
| 2024-11-28 12:06:43 |
|
| 2021-05-04 12:02:45 |
|
| 2021-04-22 01:02:57 |
|
| 2020-05-23 00:16:19 |
|
| 2018-10-19 21:19:36 |
|
| 2017-10-11 09:23:28 |
|
| 2017-07-11 12:01:48 |
|
| 2016-04-26 13:15:25 |
|
| 2014-02-17 10:29:56 |
|
| 2013-05-11 11:20:44 |
|
