CVE-2012-0584 — Improper Input Validation in Apple Safari

CWE-20 — Improper Input Validation CWE-1007 — Insufficient Visual Distinction of Homoglyphs Presented to User4 documents4 sources

Severity

6.4MEDIUMNVD

EPSS

0.7%

top 27.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedMar 12

Latest updateMay 14

Description

The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDapple/safari5.1.2+70

🔴Vulnerability Details

GHSA

GHSA-qv57-ggxq-5m8m: The Internationalized Domain Name (IDN) feature in Apple Safari before 5↗2022-05-14

▶

📐Framework References

CWE

Insufficient Visual Distinction of Homoglyphs Presented to User↗

▶

CAPEC

Homograph Attack via Homoglyphs

▶