Vulnerabilities > CVE-2008-1999 - Remote Security vulnerability in Apple Safari 3.1.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://es.geocities.com/jplopezy/pruebasafari3.html
- http://secunia.com/advisories/29900
- http://securityreason.com/securityalert/3833
- http://www.securityfocus.com/archive/1/491192/100/0/threaded
- http://www.vupen.com/english/advisories/2008/1347
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41981