CVE-2005-0237

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html Exploit Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html Vendor Advisory
http://secunia.com/advisories/14162 Patch Vendor Advisory
http://www.kde.org/info/security/advisory-20050316-2.txt Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
http://www.redhat.com/support/errata/RHSA-2005-325.html
http://www.securityfocus.com/archive/1/427976/100/0/threaded
http://www.securityfocus.com/bid/12461
http://www.shmoo.com/idn Exploit
http://www.shmoo.com/idn/homograph.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html Exploit Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html Vendor Advisory
http://secunia.com/advisories/14162 Patch Vendor Advisory
http://www.kde.org/info/security/advisory-20050316-2.txt Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
http://www.redhat.com/support/errata/RHSA-2005-325.html
http://www.securityfocus.com/archive/1/427976/100/0/threaded
http://www.securityfocus.com/bid/12461
http://www.shmoo.com/idn Exploit
http://www.shmoo.com/idn/homograph.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671
Configurations

Configuration 1 (hide)

cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:54

Type Values Removed Values Added
References () http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html - Exploit, Vendor Advisory () http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html - Exploit, Vendor Advisory
References () http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html - Vendor Advisory () http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html - Vendor Advisory
References () http://secunia.com/advisories/14162 - Patch, Vendor Advisory () http://secunia.com/advisories/14162 - Patch, Vendor Advisory
References () http://www.kde.org/info/security/advisory-20050316-2.txt - Patch, Vendor Advisory () http://www.kde.org/info/security/advisory-20050316-2.txt - Patch, Vendor Advisory
References () http://www.mandriva.com/security/advisories?name=MDKSA-2005:058 - () http://www.mandriva.com/security/advisories?name=MDKSA-2005:058 -
References () http://www.redhat.com/support/errata/RHSA-2005-325.html - () http://www.redhat.com/support/errata/RHSA-2005-325.html -
References () http://www.securityfocus.com/archive/1/427976/100/0/threaded - () http://www.securityfocus.com/archive/1/427976/100/0/threaded -
References () http://www.securityfocus.com/bid/12461 - () http://www.securityfocus.com/bid/12461 -
References () http://www.shmoo.com/idn - Exploit () http://www.shmoo.com/idn - Exploit
References () http://www.shmoo.com/idn/homograph.txt - () http://www.shmoo.com/idn/homograph.txt -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671 -

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:54


NVD link : CVE-2005-0237

Mitre link : CVE-2005-0237

CVE.ORG link : CVE-2005-0237


JSON object : View

Products Affected

kde

  • konqueror
  • kde