CVE-2008-1999

EUVD-2008-1997
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
applesafari
3.1.1
𝑥
= Vulnerable software versions
References
http://es.geocities.com/jplopezy/pruebasafari3.html
http://secunia.com/advisories/29900
http://securityreason.com/securityalert/3833
http://www.securityfocus.com/archive/1/491192/100/0/threaded
http://www.vupen.com/english/advisories/2008/1347
https://exchange.xforce.ibmcloud.com/vulnerabilities/41981
http://es.geocities.com/jplopezy/pruebasafari3.html
http://secunia.com/advisories/29900
http://securityreason.com/securityalert/3833
http://www.securityfocus.com/archive/1/491192/100/0/threaded
http://www.vupen.com/english/advisories/2008/1347
https://exchange.xforce.ibmcloud.com/vulnerabilities/41981