CVE

CVE-2007-5034
Date: (C)2007-09-21   (M)2023-12-22


ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1018764
http://www.securityfocus.com/archive/1/481606/100/0/threaded
BID-25799
SECUNIA-26936
SECUNIA-26949
SECUNIA-26956
SECUNIA-27038
SECUNIA-27062
SECUNIA-27125
SECUNIA-27132
ADV-2007-3278
DSA-1380
FEDORA-2007-2224
FEDORA-2007-710
RHSA-2007:0933
USN-519-1
http://bugzilla.elinks.cz/show_bug.cgi?id=937
https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018
https://bugzilla.redhat.com/show_bug.cgi?id=297981
oval:org.mitre.oval:def:10335

CPE    1
cpe:/a:elinks:elinks
CWE    1
CWE-200

© SecPod Technologies