4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
elinks is vulnerable information disclosure. An information disclosure flaw was found in the way ELinks passes https POST data to a proxy server. POST data sent via a proxy to an https site is not properly encrypted by ELinks, possibly allowing the disclosure of sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
elinks | eq | 0.11.1__5.1.el5 | |
elinks | eq | 0.11.1__5.1.el5 |
bugzilla.elinks.cz/show_bug.cgi?id=937
secunia.com/advisories/26936
secunia.com/advisories/26949
secunia.com/advisories/26956
secunia.com/advisories/27038
secunia.com/advisories/27062
secunia.com/advisories/27125
secunia.com/advisories/27132
www.debian.org/security/2007/dsa-1380
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2007-0933.html
www.securityfocus.com/archive/1/481606/100/0/threaded
www.securityfocus.com/bid/25799
www.securitytracker.com/id?1018764
www.ubuntu.com/usn/usn-519-1
www.vupen.com/english/advisories/2007/3278
access.redhat.com/errata/RHSA-2007:0933
bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018
bugzilla.redhat.com/show_bug.cgi?id=297981
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335
www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html
www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html