Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.1
CVSSv2

CVE-2012-4545

Published: 03/01/2013 Updated: 29/08/2017
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 prior to 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.

Vulnerable Product Search on Vulmon Subscribe to Product

elinks elinks 0.12

Vendor Advisories

Red Hat: Moderate: elinks security update
Synopsis Moderate: elinks security update Type/Severity Security Advisory: Moderate Topic An updated elinks package that fixes one security issue is now availablefor Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerab ...
Debian Security Advisories: DSA-2592-1 elinks -- programming error
Marko Myllynen discovered that ELinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate For the stable distribution (squeeze), this problem has been fixed in version 012~pre5-2+squeeze1 Since the initial Squeeze release, XULRunner needed to be updated and the version currently in the archive is incompatib ...

References

CWE-287http://repo.or.cz/w/elinks.git/blobdiff/89056e21fc7ab8e1c2d4e06ec9d0c6d01e70669a..da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7:/src/protocol/http/http_negotiate.chttp://www.debian.org/security/2012/dsa-2592http://secunia.com/advisories/51569http://www.securityfocus.com/bid/57065http://bugzilla.elinks.cz/show_bug.cgi?id=1124http://rhn.redhat.com/errata/RHSA-2013-0250.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:075https://exchange.xforce.ibmcloud.com/vulnerabilities/80882https://access.redhat.com/errata/RHSA-2013:0250https://nvd.nist.govhttps://www.debian.org/security/./dsa-2592
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976CVE-2024-33557CVE-2024-36801CVE-2024-35654authentication bypassCVE-2024-24919CSRFcode executionCVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook