CVE-2002-1405

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

Published: Feb 19, 2003
Updated: Apr 13, 2023
CVE: CVE-2002-1405
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
elinks / elinks	0.3.2	0.3.2.x
university_of_kansas / lynx	2.8.4	2.8.4.x
university_of_kansas / lynx	2.8.4_rel1	2.8.4_rel1.x
university_of_kansas / lynx	2.8.3	2.8.3.x
university_of_kansas / lynx	2.8.5_dev8	2.8.5_dev8.x
university_of_kansas / lynx	2.8.2_rel1	2.8.2_rel1.x
links / links	0.96	0.96.x
university_of_kansas / lynx	2.8.3_rel1	2.8.3_rel1.x
elinks / elinks	0.2.4	0.2.4.x

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
http://marc.info/?l=bugtraq&m=102978118411977&w=2
http://marc.info/?l=bugtraq&m=103003793418021&w=2
http://www.debian.org/security/2002/dsa-210
http://www.iss.net/security_center/static/9887.php
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
http://www.redhat.com/support/errata/RHSA-2003-029.html
http://www.redhat.com/support/errata/RHSA-2003-030.html
http://www.securityfocus.com/bid/5499
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt

Vulnerability Database

289,697

CVE-2002-1405