CVE-2008-1999 — Apple Safari vulnerability

8 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 33.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedApr 28

Latest updateMay 1

Description

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari3.1.1

🔴Vulnerability Details

GHSA

GHSA-36m2-mxfm-7fx8: Apple Safari 3↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit)↗2008-04-04

▶

Exploit-DB

samPHPweb 4.2.2 - 'songinfo.php' SQL Injection↗2008-01-05

▶

Exploit-DB

samPHPweb 4.2.2 - 'db.php' Remote File Inclusion↗2008-01-04

▶

📋Vendor Advisories

Red Hat

WebKit: address bar spoofing using URLs with spaces↗2008-04-22

▶

Red Hat

gcc: gcc-4.2 may optimize out certain length checks↗2008-03-30

▶

💬Community

Bugzilla

CVE-2008-1999 WebKit: address bar spoofing using URLs with spaces↗2008-05-06

▶