CVE-2008-1999

Published: Apr 28, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

Affected (1)

Products: Apple: Safari

Apple

1 product

Safari

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Version 3.1.1

References (12)

http://es.geocities.com/jplopezy/pruebasafari3.html

Source: cve@mitre.org

http://secunia.com/advisories/29900

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/3833

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/491192/100/0/threaded

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1347

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/41981

Source: cve@mitre.org

http://es.geocities.com/jplopezy/pruebasafari3.html