Lynx Command Line URL CRLF Injection Vulnerability

Bugtraq ID: 5499
Class: Input Validation Error
CVE: CVE-2002-1405
CVE-2002-1405
Remote: Yes
Local: No
Published: Aug 19 2002 12:00AM
Updated: Jul 11 2009 03:56PM
Credit: Discovery credited to Ulf Harnhammar <ulfh@update.uu.se>.
Vulnerable: University of Kansas Lynx 2.8.5 dev.8
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
University of Kansas Lynx 2.8.4 rel.1
University of Kansas Lynx 2.8.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Debian Linux 3.0
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Sun Linux 5.0.6
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
University of Kansas Lynx 2.8.3 rel.1
University of Kansas Lynx 2.8.3
+ Debian Linux 2.2
University of Kansas Lynx 2.8.2 rel.1
Twibright Labs Links 0.96
ELinks ELinks 0.3.2
ELinks ELinks 0.2.4
Not Vulnerable: ELinks ELinks 0.4 pre15


 

Privacy Statement
Copyright 2010, SecurityFocus