Vulnerability Description
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kde | Konqueror | 3.2.1 |
| Kde | Kde | 3.2.1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlExploitVendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.htmlVendor Advisory
- http://secunia.com/advisories/14162PatchVendor Advisory
- http://www.kde.org/info/security/advisory-20050316-2.txtPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
- http://www.redhat.com/support/errata/RHSA-2005-325.html
- http://www.securityfocus.com/archive/1/427976/100/0/threaded
- http://www.securityfocus.com/bid/12461
- http://www.shmoo.com/idnExploit
- http://www.shmoo.com/idn/homograph.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlExploitVendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.htmlVendor Advisory
- http://secunia.com/advisories/14162PatchVendor Advisory
FAQ
What is CVE-2005-0237?
CVE-2005-0237 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certifica...
How severe is CVE-2005-0237?
CVE-2005-0237 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0237?
Check the references section above for vendor advisories and patch information. Affected products include: Kde Konqueror, Kde Kde.