CVE-1999-1549

Description

Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.

Affected Software
References

Software	From	Fixed in
lynx_project / lynx	2.7	2.7.x
lynx_project / lynx	2.8	2.8.x

http://marc.info/?l=bugtraq&m=94286509804526&w=2
http://www.securityfocus.com/bid/804

Severity: High

CVE: CVE-1999-1549
Published: Nov 16, 1999
Updated: May 9, 2024
Exploit:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-346

CVE-1999-1549

Description

Details

CVSS v3

CVSS v2

CWEs