CVE-2005-0235

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html	Broken Link Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=110782704923280&w=2	Mailing List
http://www.novell.com/linux/security/advisories/2005_31_opera.html	Broken Link
http://www.securityfocus.com/bid/12461	Broken Link Third Party Advisory VDB Entry
http://www.shmoo.com/idn	Broken Link Exploit
http://www.shmoo.com/idn/homograph.txt	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-05-02 04:00

Updated : 2024-02-28 10:42

NVD link : CVE-2005-0235

Mitre link : CVE-2005-0235

CVE.ORG link : CVE-2005-0235

JSON object : View

Products Affected

opera

opera_browser

CWE

NVD-CWE-noinfo

{"id": "CVE-2005-0235", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", "tags": ["Broken Link", "Exploit", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=110782704923280&w=2", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2005_31_opera.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/12461", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.shmoo.com/idn", "tags": ["Broken Link", "Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.shmoo.com/idn/homograph.txt", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."}], "lastModified": "2022-02-28T17:45:57.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFE75E76-E20D-47A4-9603-0AF46F733AEF", "versionEndIncluding": "7.54"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}