CVE-2002-1405

Published: 19/02/2003 Updated: 18/10/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

CRLF injection vulnerability in Lynx 2.8.4 and previous versions allows remote malicious users to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
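One way a wrapper script could screen a URL before placing it on the command line of a text browser is sketched below. It is an added example, not code from Lynx or from the advisories; the function name, the decode-depth limit and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Raw URL: no control characters or whitespace at all (a literal space or
# newline in a command-line argument is never a valid URL character).
RAW_FORBIDDEN = re.compile(r"[\x00-\x20\x7f]")
# After percent-decoding: control characters (CR, LF, TAB, NUL, ...).
# Assumption: an encoded space (%20) is tolerated because it is common in paths.
DECODED_FORBIDDEN = re.compile(r"[\x00-\x1f\x7f]")
MAX_DECODE_ROUNDS = 3  # assumption: deeper nesting is treated as hostile


def header_injection_reason(url):
    """Return why the URL is unsafe to hand to a command-line client, or None."""
    hit = RAW_FORBIDDEN.search(url)
    if hit:
        return f"raw character 0x{ord(hit.group()):02x} at offset {hit.start()}"
    current = url
    for depth in range(1, MAX_DECODE_ROUNDS + 1):
        # latin-1 maps every decoded byte to exactly one character
        decoded = unquote(current, encoding="latin-1")
        if decoded == current:
            return None  # nothing left to decode, no control characters found
        hit = DECODED_FORBIDDEN.search(decoded)
        if hit:
            return f"encoded character 0x{ord(hit.group()):02x} (decode depth {depth})"
        current = decoded
    return "percent-encoding nested deeper than allowed"


if __name__ == "__main__":
    # Constructed sample inputs; example.com/example.org are placeholders.
    samples = [
        "http://example.com/docs/a%20b.html",
        "http://example.com/%0d%0aX-Injected:%201",
        "http://example.com/%250aX-Injected:%201",
        "http://example.com/ HTTP/1.0\nHost: example.org",
    ]
    for s in samples:
        print(repr(s), "->", header_injection_reason(s) or "ok")
```

A caller would refuse to launch the browser whenever the function returns a reason, and log that reason together with the offending URL.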

Vulnerable Product

university of kansas lynx 2.8.2_rel1

university of kansas lynx 2.8.3

elinks elinks 0.3.2

links links 0.96

elinks elinks 0.2.4

university of kansas lynx 2.8.4_rel1

university of kansas lynx 2.8.5_dev8

university of kansas lynx 2.8.3_rel1

university of kansas lynx 2.8.4

Vendor Advisories

lynx (a text-only web browser) did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a request. For Debian GNU/Linux 2.2/potato this has been fixed in version 283-11 of the lynx package and version 2831-11 of the lynx-ssl package. For Deb ...

Exploits

source: www.securityfocus.com/bid/5499/info. A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and line feed (CRLF) characters may be included in the specified URL. These characters are not escaped ...