CVE-2002-1405

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
http://marc.info/?l=bugtraq&m=102978118411977&w=2
http://marc.info/?l=bugtraq&m=103003793418021&w=2
http://www.debian.org/security/2002/dsa-210	Patch Vendor Advisory
http://www.iss.net/security_center/static/9887.php	Patch Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
http://www.redhat.com/support/errata/RHSA-2003-029.html
http://www.redhat.com/support/errata/RHSA-2003-030.html
http://www.securityfocus.com/bid/5499
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
http://marc.info/?l=bugtraq&m=102978118411977&w=2
http://marc.info/?l=bugtraq&m=103003793418021&w=2
http://www.debian.org/security/2002/dsa-210	Patch Vendor Advisory
http://www.iss.net/security_center/static/9887.php	Patch Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
http://www.redhat.com/support/errata/RHSA-2003-029.html
http://www.redhat.com/support/errata/RHSA-2003-030.html
http://www.securityfocus.com/bid/5499
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:elinks:elinks:0.2.4:::::::*
	cpe:2.3:a:elinks:elinks:0.3.2:::::::*
	cpe:2.3:a:links:links:0.96:::::::*
	cpe:2.3:a:university_of_kansas:lynx:2.8.2_rel1:::::::*
	cpe:2.3:a:university_of_kansas:lynx:2.8.3:::::::*
	cpe:2.3:a:university_of_kansas:lynx:2.8.3_rel1:::::::*
	cpe:2.3:a:university_of_kansas:lynx:2.8.4:::::::*
	cpe:2.3:a:university_of_kansas:lynx:2.8.4_rel1:::::::*
	cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev8:::::::*

History

20 Nov 2024, 23:41

Type	Values Removed	Values Added
References	~~() ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt -~~	() ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt -
References	~~() http://marc.info/?l=bugtraq&m=102978118411977&w=2 -~~	() http://marc.info/?l=bugtraq&m=102978118411977&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=103003793418021&w=2 -~~	() http://marc.info/?l=bugtraq&m=103003793418021&w=2 -
References	~~() http://www.debian.org/security/2002/dsa-210 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2002/dsa-210 - Patch, Vendor Advisory
References	~~() http://www.iss.net/security_center/static/9887.php - Patch, Vendor Advisory~~	() http://www.iss.net/security_center/static/9887.php - Patch, Vendor Advisory
References	~~() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023 -~~	() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023 -
References	~~() http://www.redhat.com/support/errata/RHSA-2003-029.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-029.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2003-030.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-030.html -
References	~~() http://www.securityfocus.com/bid/5499 -~~	() http://www.securityfocus.com/bid/5499 -
References	~~() http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt -~~	() http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt -

Information

Published : 2003-02-19 05:00

Updated : 2024-11-20 23:41

NVD link : CVE-2002-1405

Mitre link : CVE-2002-1405

CVE.ORG link : CVE-2002-1405

JSON object : View

Products Affected

elinks

elinks

university_of_kansas

lynx

links

links

CWE

NVD-CWE-Other

5.0 /10