CVE-2002-1405

medium

Description

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

References

http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt

http://www.securityfocus.com/bid/5499

http://www.redhat.com/support/errata/RHSA-2003-030.html

http://www.redhat.com/support/errata/RHSA-2003-029.html

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023

http://www.iss.net/security_center/static/9887.php

http://www.debian.org/security/2002/dsa-210

http://marc.info/?l=bugtraq&m=103003793418021&w=2

http://marc.info/?l=bugtraq&m=102978118411977&w=2

Details

Source: Mitre, NVD

Published: 2003-02-19

Updated: 2016-10-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium