Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1999

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-1999
Last Modified 07 Mar 2011 10:08:33
Published 28 Apr 2008 04:05:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1999

Summary

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

Vulnerable Systems

Application

  • Apple Safari 3.1.1


References

XF - apple-safari-user-addressbar-spoofing(41981)

VUPEN - ADV-2008-1347

BUGTRAQ - 20080422 Safari 3.1.1 Multiple Vulnerabilities for windows

SREASON - 3833

SECUNIA - 29900

MISC - http://es.geocities.com/jplopezy/pruebasafari3.html


Last Updated: 27 May 2016 10:47:43