CVE-2005-0236
published 2005-05-02CVE-2005-0236: The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in…
PriorityP415medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.00%
58.6th percentile
The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| omnigroup | omniweb | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CAPEC
Homograph Attack via Homoglyphs
mitre_capec
[MEDIUM] Homograph Attack via Homoglyphs
CAPEC-632: Homograph Attack via Homoglyphs
An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.
Alternate Terms: Homoglyph Attack
Execution Flow:
Step 1 [Explore]: [Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
Technique: Research popular or high traffic websites.
Step 2 [Experiment]: [Impersonate trusted domain]
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlhttp://marc.info/?l=bugtraq&m=110782704923280&w=2http://www.securityfocus.com/bid/12461http://www.shmoo.com/idnhttp://www.shmoo.com/idn/homograph.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/19236http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlhttp://marc.info/?l=bugtraq&m=110782704923280&w=2http://www.securityfocus.com/bid/12461http://www.shmoo.com/idnhttp://www.shmoo.com/idn/homograph.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/19236
2005-05-02
Published