4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
82.3%
ELinks before 0.11.3, when sending a POST request for an https URL, appends
the body and content headers of the POST request to the CONNECT request in
cleartext, which allows remote attackers to sniff sensitive data that would
have been protected by TLS. NOTE: this issue only occurs when a proxy is
defined for https.
Author | Note |
---|---|
jdstrand | 0.11.3 and higher not vulnerable |