CVE-2007-3145

Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/43467
http://testing.bitsploit.de/test.html
http://www.0x000000.com/?i=334	Exploit
http://www.securityfocus.com/bid/24352	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/34983

Configurations

Configuration 1 (hide)

cpe:2.3:a:galeon:galeon_browser:2.0.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-06-11 18:30

Updated : 2023-12-10 10:40

NVD link : CVE-2007-3145

Mitre link : CVE-2007-3145

CVE.ORG link : CVE-2007-3145

JSON object : View

Products Affected

galeon

galeon_browser

CWE

NVD-CWE-Other

{"id": "CVE-2007-3145", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-06-11T18:30:00.000", "references": [{"url": "http://osvdb.org/43467", "source": "cve@mitre.org"}, {"url": "http://testing.bitsploit.de/test.html", "source": "cve@mitre.org"}, {"url": "http://www.0x000000.com/?i=334", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24352", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34983", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication."}, {"lang": "es", "value": "Vulnerabilidad de truncamiento visual en Galeon 2.0.1 permite a atacantes remotos envenenar la barra de direcci\u00f3n y posiblemente realizar ataques de phishing a trav\u00e9s de un nombre de host largo, el cual est\u00e1 truncado despu\u00e9s de un cierto n\u00famero de caract\u00e9res, como se demostr\u00f3 con la utilizaci\u00f3n de un ataque de phishing utilizando HTTP Basic Authentication."}], "lastModified": "2017-07-29T01:32:00.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:galeon:galeon_browser:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "332397C6-F2AC-4CA0-91B1-60A31522E737"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}