CVE-2007-5034

Published: 21/09/2007 | Updated: 15/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

ELinks prior to 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote malicious users to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
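
A passive check for the behaviour described in the summary, written as an added example (not code from ELinks, Debian or Vulmon): it inspects one reassembled client-to-proxy byte stream and reports a CONNECT request that carries content headers or non-TLS bytes after its header block. The function name, host name and sample byte strings are constructed assumptions.

```python
# Added example: flag CONNECT requests that leak POST content in cleartext.
# All sample bytes below are constructed for illustration.

ENTITY_HEADERS = {b"content-length", b"content-type"}

def audit_connect(stream: bytes) -> list:
    """Return findings for one client-to-proxy byte stream (empty list = clean)."""
    findings = []
    head, sep, rest = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not sep or not lines[0].upper().startswith(b"CONNECT "):
        return findings  # not a complete CONNECT request; out of scope here
    # A CONNECT request only asks for a tunnel, so content headers do not belong.
    for line in lines[1:]:
        name = line.split(b":", 1)[0].strip().lower()
        if name in ENTITY_HEADERS:
            findings.append("entity header on CONNECT: " + name.decode())
    # After the blank line the next client bytes should be a TLS record:
    # content type 0x16 (handshake) followed by major version 0x03.
    if rest and not rest.startswith(b"\x16\x03"):
        findings.append(f"{len(rest)} cleartext bytes after CONNECT headers")
    return findings

# Constructed stream showing the leak: POST headers and body ride on CONNECT.
LEAKY = (
    b"CONNECT login.example.test:443 HTTP/1.1\r\n"
    b"Host: login.example.test:443\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n\r\n"
    b"user=alice&password=hunter2"
)

# Constructed stream for a well-behaved client: tunnel request, then TLS.
CLEAN = (
    b"CONNECT login.example.test:443 HTTP/1.1\r\n"
    b"Host: login.example.test:443\r\n\r\n"
    b"\x16\x03\x01\x00\x05hello"  # placeholder start of a handshake record
)

if __name__ == "__main__":
    for label, stream in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, audit_connect(stream))
```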

Vulnerable Product

elinks elinks

Vendor Advisories

Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information (such as passwords) ...
Debian Bug report logs - #443914
CVE-2007-5034 possible secret information disclosure
Package: elinks; Maintainer for elinks is أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>; Source for elinks is src:elinks
Reported by: Nico Golde <nion@debian.org>
Date: Mon, ...