4.3

CVE-2007-5034

EPSS 2.15%
Veröffentlicht 21.09.2007 20:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS.  NOTE: this issue only occurs when a proxy is defined for https.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 23

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elinks ≫ Elinks Version <= 0.11.1

Elinks ≫ Elinks Version <= 0.11.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.15%	0.837

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://bugzilla.elinks.cz/show_bug.cgi?id=937

http://secunia.com/advisories/26936

http://secunia.com/advisories/26949

http://secunia.com/advisories/26956

http://secunia.com/advisories/27038

http://secunia.com/advisories/27062

http://secunia.com/advisories/27125

http://secunia.com/advisories/27132

http://www.debian.org/security/2007/dsa-1380

http://www.redhat.com/support/errata/RHSA-2007-0933.html

http://www.securityfocus.com/archive/1/481606/100/0/threaded

http://www.securityfocus.com/bid/25799

http://www.securitytracker.com/id?1018764

http://www.ubuntu.com/usn/usn-519-1

http://www.vupen.com/english/advisories/2007/3278

https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018

https://bugzilla.redhat.com/show_bug.cgi?id=297981

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html

https://nvd.nist.gov/vuln/detail/CVE-2007-5034

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5034

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5034

EUVD