|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-07-06 | |
| Rule Name: | Apple Safari for Windows URL Spoofing Vulnerability (CVE-2008-1999) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. | |
| Impact: | An attacker can masquerade his identity and deceive users to gain an illegitimate advantage. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | http://es.geocities.com/jplopezy/pruebasafari3.html http://securityreason.com/securityalert/3833 http://www.securityfocus.com/archive/1/491192/100/0/threaded http://www.vupen.com/english/advisories/2008/1347 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.apple.com/safari/download/ |