CVE-2014-1345

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	6.1.4 (including)
Safari	Apple	6.0 (including)	6.0 (including)
Safari	Apple	6.0.1 (including)	6.0.1 (including)
Safari	Apple	6.0.2 (including)	6.0.2 (including)
Safari	Apple	6.0.3 (including)	6.0.3 (including)
Safari	Apple	6.0.4 (including)	6.0.4 (including)
Safari	Apple	6.0.5 (including)	6.0.5 (including)
Safari	Apple	6.1 (including)	6.1 (including)
Safari	Apple	6.1.1 (including)	6.1.1 (including)
Safari	Apple	6.1.2 (including)	6.1.2 (including)
Safari	Apple	6.1.3 (including)	6.1.3 (including)
Qtwebkit-opensource-src	Ubuntu	devel	*
Qtwebkit-opensource-src	Ubuntu	esm-infra/xenial	*
Qtwebkit-opensource-src	Ubuntu	trusty	*
Qtwebkit-opensource-src	Ubuntu	vivid	*
Qtwebkit-opensource-src	Ubuntu	wily	*
Qtwebkit-opensource-src	Ubuntu	xenial	*
Qtwebkit-opensource-src	Ubuntu	yakkety	*
Qtwebkit-source	Ubuntu	devel	*
Qtwebkit-source	Ubuntu	esm-apps/xenial	*
Qtwebkit-source	Ubuntu	precise	*
Qtwebkit-source	Ubuntu	trusty	*
Qtwebkit-source	Ubuntu	vivid	*
Qtwebkit-source	Ubuntu	wily	*
Qtwebkit-source	Ubuntu	xenial	*
Qtwebkit-source	Ubuntu	yakkety	*
Webkit	Ubuntu	precise	*
Webkitgtk	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-1345
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References