| Vulnerability Name: | CVE-2008-1999 (CCN-41981) | ||||||||
| Assigned: | 2008-04-24 | ||||||||
| Published: | 2008-04-24 | ||||||||
| Updated: | 2018-10-11 | ||||||||
| Summary: | Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N) 4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:U/RC:UR)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-1999 Source: CCN Type: Juan Pablo Lopez Yacubian Advisories Multiple vulnerabilities in Safari 3.1.1 (525.17) Source: MISC Type: UNKNOWN http://es.geocities.com/jplopezy/pruebasafari3.html Source: CCN Type: SA29900 Safari Address Bar URL Spoofing Security Issue Source: SECUNIA Type: Vendor Advisory 29900 Source: SREASON Type: UNKNOWN 3833 Source: CCN Type: Apple Safari Web site Download Safari Source: CCN Type: OSVDB ID: 44658 Apple Safari Crafted User String Address Bar URL Spoofing Source: BUGTRAQ Type: UNKNOWN 20080422 Safari 3.1.1 Multiple Vulnerabilities for windows Source: CCN Type: BID-28891 Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2008-1347 Source: XF Type: UNKNOWN apple-safari-user-addressbar-spoofing(41981) Source: XF Type: UNKNOWN apple-safari-user-addressbar-spoofing(41981) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||