CVE-2005-0237

6 documents5 sources

Severity

5.0MEDIUM

EPSS

1.0%

top 22.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE KDE KDE Konqueror

Timeline

PublishedMay 2

Latest updateMay 1

Description

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDkde/konqueror3.2.1

▶NVDkde/kde3.2.1

Patches

Patch: secunia.com ↗Patch: www.kde.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-3jm2-5rf3-c2fc: The International Domain Name (IDN) support in Konqueror 3↗2022-05-01

▶

CVEList

CVE-2005-0237: The International Domain Name (IDN) support in Konqueror 3↗2005-02-07

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-02-07

▶

💬Community

Bugzilla

CVE-2005-0237 security flaw↗2018-08-16

▶