Vulnerability Description
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | 3.1.1 |
References
- http://es.geocities.com/jplopezy/pruebasafari3.html
- http://secunia.com/advisories/29900Vendor Advisory
- http://securityreason.com/securityalert/3833
- http://www.securityfocus.com/archive/1/491192/100/0/threaded
- http://www.vupen.com/english/advisories/2008/1347
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41981
- http://es.geocities.com/jplopezy/pruebasafari3.html
- http://secunia.com/advisories/29900Vendor Advisory
- http://securityreason.com/securityalert/3833
- http://www.securityfocus.com/archive/1/491192/100/0/threaded
- http://www.vupen.com/english/advisories/2008/1347
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41981
FAQ
What is CVE-2008-1999?
CVE-2008-1999 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as d...
How severe is CVE-2008-1999?
CVE-2008-1999 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1999?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari.