CVE-2016-9179

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
References
Link Resource
http://www.openwall.com/lists/oss-security/2016/11/04/1 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/94215 Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2016/11/04/1 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/94215 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:lynx:lynx:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:00

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2016/11/04/1 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2016/11/04/1 - Mailing List, Third Party Advisory
References () http://www.securityfocus.com/bid/94215 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/94215 - Third Party Advisory, VDB Entry

Information

Published : 2016-12-22 21:59

Updated : 2024-11-21 03:00


NVD link : CVE-2016-9179

Mitre link : CVE-2016-9179

CVE.ORG link : CVE-2016-9179


JSON object : View

Products Affected

lynx

  • lynx
CWE
CWE-20

Improper Input Validation