CVE-2005-0235 — MEDIUM (5.0)

Q: How severe is CVE-2005-0235?

CVE-2005-0235 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-0235?

Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser.

Vulnerability Description

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Opera	Opera Browser	<= 7.54

References

http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlBroken LinkExploitVendor Advisory
http://marc.info/?l=bugtraq&m=110782704923280&w=2Mailing List
http://www.novell.com/linux/security/advisories/2005_31_opera.htmlBroken Link
http://www.securityfocus.com/bid/12461Broken LinkThird Party AdvisoryVDB Entry
http://www.shmoo.com/idnBroken LinkExploit
http://www.shmoo.com/idn/homograph.txtBroken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236Third Party AdvisoryVDB Entry
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlBroken LinkExploitVendor Advisory
http://marc.info/?l=bugtraq&m=110782704923280&w=2Mailing List
http://www.novell.com/linux/security/advisories/2005_31_opera.htmlBroken Link
http://www.securityfocus.com/bid/12461Broken LinkThird Party AdvisoryVDB Entry
http://www.shmoo.com/idnBroken LinkExploit
http://www.shmoo.com/idn/homograph.txtBroken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236Third Party AdvisoryVDB Entry

FAQ

What is CVE-2005-0235?

CVE-2005-0235 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that ...

How severe is CVE-2005-0235?

CVE-2005-0235 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-0235?

Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser.