Vulnerability Description
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elinks | Elinks | 0.2.4 |
| Links | Links | 0.96 |
| University Of Kansas | Lynx | 2.8.2_rel1 |
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
- http://marc.info/?l=bugtraq&m=102978118411977&w=2
- http://marc.info/?l=bugtraq&m=103003793418021&w=2
- http://www.debian.org/security/2002/dsa-210 (Patch, Vendor Advisory)
- http://www.iss.net/security_center/static/9887.php (Patch, Vendor Advisory)
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
- http://www.redhat.com/support/errata/RHSA-2003-029.html
- http://www.redhat.com/support/errata/RHSA-2003-030.html
- http://www.securityfocus.com/bid/5499
- http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
FAQ
What is CVE-2002-1405?
CVE-2002-1405 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carr...
How severe is CVE-2002-1405?
CVE-2002-1405 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1405?
Check the references section above for vendor advisories and patch information. Affected products include: Elinks Elinks, Links Links, University Of Kansas Lynx.