Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-5034
Last Modified 07 Mar 2011 09:59:58
Published 21 Sep 2007 04:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5034

Summary

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.

Vulnerable Systems

Application

  • Elinks 0.11.1

  • Elinks 0.11.2


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018

VUPEN - ADV-2007-3278

CONFIRM - http://bugzilla.elinks.cz/show_bug.cgi?id=937

FEDORA - FEDORA-2007-2224

FEDORA - FEDORA-2007-710

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=297981

UBUNTU - USN-519-1

SECTRACK - 1018764

BID - 25799

BUGTRAQ - 20071005 rPSA-2007-0209-1 elinks

REDHAT - RHSA-2007:0933

DEBIAN - DSA-1380

SECUNIA - 27132

SECUNIA - 27125

SECUNIA - 27062

SECUNIA - 27038

SECUNIA - 26956

SECUNIA - 26949

SECUNIA - 26936


Last Updated: 27 May 2016 10:46:02