Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2007-5034
HistorySep 21, 2007 - 12:00 a.m.

CVE-2007-5034

2007-09-2100:00:00
ubuntu.com
ubuntu.com
10

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.3%

JSON

ELinks before 0.11.3, when sending a POST request for an https URL, appends
the body and content headers of the POST request to the CONNECT request in
cleartext, which allows remote attackers to sniff sensitive data that would
have been protected by TLS. NOTE: this issue only occurs when a proxy is
defined for https.

Notes

Author Note
jdstrand 0.11.3 and higher not vulnerable
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchelinks< 0.10.6-1ubuntu3.2UNKNOWN
ubuntu6.10noarchelinks< 0.11.1-1ubuntu2.2UNKNOWN
ubuntu7.04noarchelinks< 0.11.1-1.2ubuntu2.2UNKNOWN

Related

prion 1
nessus 8
openvas 9
redhat 1
veracode 1
oraclelinux 1
debian 1
ubuntu 1
debiancve 1
cvelist 1
securityvulns 2
fedora 1
osv 1
cve 1
centos 1
prion
prion
Design/Logic Flaw
2007-09-21 20:17:00
nessus
nessus
Oracle Linux 4 / 5 : elinks (ELSA-2007-0933)
2013-07-12 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : elinks vulnerability (USN-519-1)
2007-11-10 00:00:00
RHEL 4 / 5 : elinks (RHSA-2007:0933)
2007-10-09 00:00:00
openvas
openvas
Ubuntu Update for elinks vulnerability USN-519-1
2009-03-23 00:00:00
Fedora Update for elinks FEDORA-2007-710
2009-02-27 00:00:00
Debian: Security Advisory (DSA-1380-1)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2007:0933) Moderate: elinks security update
2007-10-03 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:19:01
oraclelinux
oraclelinux
Moderate: elinks security update
2007-10-03 00:00:00
debian
debian
[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure
2007-10-02 00:00:00
ubuntu
ubuntu
elinks vulnerability
2007-09-25 00:00:00
debiancve
debiancve
CVE-2007-5034
2007-09-21 20:17:00
cvelist
cvelist
CVE-2007-5034
2007-09-21 20:00:00
securityvulns
securityvulns
elinks information leak
2007-10-04 00:00:00
[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure
2007-10-04 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: elinks-0.11.3-1.fc7
2007-09-24 17:58:52
osv
osv
elinks - information disclosure
2007-10-02 00:00:00
cve
cve
CVE-2007-5034
2007-09-21 20:17:00
centos
centos
elinks security update
2007-10-03 16:19:25

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.3%

JSON
Related for UB:CVE-2007-5034
prion1nessus8openvas9redhat1veracode1oraclelinux1debian1ubuntu1debiancve1cvelist1securityvulns2fedora1osv1cve1centos1