Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for lynx by university_of_kansas
CVE-2005-2929 (GCVE-0-2005-2929)
Vulnerability from cvelistv5 – Published: 2005-11-18 11:00 – Updated: 2024-08-07 22:53
VLAI?
Summary
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2005-11-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17556"
},
{
"name": "18376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18376"
},
{
"name": "17666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17666"
},
{
"name": "15395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15395"
},
{
"name": "ADV-2005-2394",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2394"
},
{
"name": "17546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17546"
},
{
"name": "17576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17576"
},
{
"name": "OpenPKG-SA-2005.026",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
},
{
"name": "17757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17757"
},
{
"name": "oval:org.mitre.oval:def:9712",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9712"
},
{
"name": "20051110 Multiple Vendor Lynx Command Injection Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=338\u0026type=vulnerabilities"
},
{
"name": "lynx-lynxcgi-command-execute(23119)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23119"
},
{
"name": "FLSA:152832",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
},
{
"name": "GLSA-200511-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml"
},
{
"name": "18659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18659"
},
{
"name": "RHSA-2005:839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-839.html"
},
{
"name": "173",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/173"
},
{
"name": "18051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18051"
},
{
"name": "17512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17512"
},
{
"name": "SCOSA-2006.7",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
},
{
"name": "MDKSA-2005:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:211"
},
{
"name": "17372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17372"
},
{
"name": "SCOSA-2005.55",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt"
},
{
"name": "1015195",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17556"
},
{
"name": "18376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18376"
},
{
"name": "17666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17666"
},
{
"name": "15395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15395"
},
{
"name": "ADV-2005-2394",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2394"
},
{
"name": "17546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17546"
},
{
"name": "17576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17576"
},
{
"name": "OpenPKG-SA-2005.026",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
},
{
"name": "17757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17757"
},
{
"name": "oval:org.mitre.oval:def:9712",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9712"
},
{
"name": "20051110 Multiple Vendor Lynx Command Injection Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=338\u0026type=vulnerabilities"
},
{
"name": "lynx-lynxcgi-command-execute(23119)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23119"
},
{
"name": "FLSA:152832",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
},
{
"name": "GLSA-200511-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml"
},
{
"name": "18659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18659"
},
{
"name": "RHSA-2005:839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-839.html"
},
{
"name": "173",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/173"
},
{
"name": "18051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18051"
},
{
"name": "17512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17512"
},
{
"name": "SCOSA-2006.7",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
},
{
"name": "MDKSA-2005:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:211"
},
{
"name": "17372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17372"
},
{
"name": "SCOSA-2005.55",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt"
},
{
"name": "1015195",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17556"
},
{
"name": "18376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18376"
},
{
"name": "17666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17666"
},
{
"name": "15395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15395"
},
{
"name": "ADV-2005-2394",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2394"
},
{
"name": "17546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17546"
},
{
"name": "17576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17576"
},
{
"name": "OpenPKG-SA-2005.026",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
},
{
"name": "17757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17757"
},
{
"name": "oval:org.mitre.oval:def:9712",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9712"
},
{
"name": "20051110 Multiple Vendor Lynx Command Injection Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=338\u0026type=vulnerabilities"
},
{
"name": "lynx-lynxcgi-command-execute(23119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23119"
},
{
"name": "FLSA:152832",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
},
{
"name": "GLSA-200511-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml"
},
{
"name": "18659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18659"
},
{
"name": "RHSA-2005:839",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-839.html"
},
{
"name": "173",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/173"
},
{
"name": "18051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18051"
},
{
"name": "17512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17512"
},
{
"name": "SCOSA-2006.7",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
},
{
"name": "MDKSA-2005:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:211"
},
{
"name": "17372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17372"
},
{
"name": "SCOSA-2005.55",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt"
},
{
"name": "1015195",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015195"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2929",
"datePublished": "2005-11-18T11:00:00.000Z",
"dateReserved": "2005-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1617 (GCVE-0-2004-1617)
Vulnerability from cvelistv5 – Published: 2005-02-20 05:00 – Updated: 2024-08-08 01:00
VLAI?
Summary
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2004-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:36.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11443"
},
{
"name": "20041018 Web browsers - a mini-farce",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109811406620511\u0026w=2"
},
{
"name": "DSA-1077",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1077"
},
{
"name": "1011809",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011809"
},
{
"name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded"
},
{
"name": "DSA-1076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1076"
},
{
"name": "DSA-1085",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1085"
},
{
"name": "20041018 Web browsers - a mini-farce",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lcamtuf.coredump.cx/mangleme/gallery/"
},
{
"name": "20383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20383"
},
{
"name": "lynx-dos(17804)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11443"
},
{
"name": "20041018 Web browsers - a mini-farce",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109811406620511\u0026w=2"
},
{
"name": "DSA-1077",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1077"
},
{
"name": "1011809",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011809"
},
{
"name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded"
},
{
"name": "DSA-1076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1076"
},
{
"name": "DSA-1085",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1085"
},
{
"name": "20041018 Web browsers - a mini-farce",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lcamtuf.coredump.cx/mangleme/gallery/"
},
{
"name": "20383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20383"
},
{
"name": "lynx-dos(17804)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11443"
},
{
"name": "20041018 Web browsers - a mini-farce",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109811406620511\u0026w=2"
},
{
"name": "DSA-1077",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1077"
},
{
"name": "1011809",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011809"
},
{
"name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded"
},
{
"name": "DSA-1076",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1076"
},
{
"name": "DSA-1085",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1085"
},
{
"name": "20041018 Web browsers - a mini-farce",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html"
},
{
"name": "http://lcamtuf.coredump.cx/mangleme/gallery/",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/mangleme/gallery/"
},
{
"name": "20383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20383"
},
{
"name": "lynx-dos(17804)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1617",
"datePublished": "2005-02-20T05:00:00.000Z",
"dateReserved": "2005-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:00:36.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1405 (GCVE-0-2002-1405)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:26
VLAI?
Summary
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2002-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2003:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023"
},
{
"name": "RHSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-030.html"
},
{
"name": "2002-0085",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt"
},
{
"name": "lynx-crlf-injection(9887)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9887.php"
},
{
"name": "RHSA-2003:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-029.html"
},
{
"name": "20020822 Lynx CRLF Injection, part two",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103003793418021\u0026w=2"
},
{
"name": "20020819 Lynx CRLF Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978118411977\u0026w=2"
},
{
"name": "5499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5499"
},
{
"name": "CSSA-2002-049.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt"
},
{
"name": "DSA-210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-21T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2003:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023"
},
{
"name": "RHSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-030.html"
},
{
"name": "2002-0085",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt"
},
{
"name": "lynx-crlf-injection(9887)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9887.php"
},
{
"name": "RHSA-2003:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-029.html"
},
{
"name": "20020822 Lynx CRLF Injection, part two",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103003793418021\u0026w=2"
},
{
"name": "20020819 Lynx CRLF Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978118411977\u0026w=2"
},
{
"name": "5499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5499"
},
{
"name": "CSSA-2002-049.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt"
},
{
"name": "DSA-210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2003:023",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023"
},
{
"name": "RHSA-2003:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-030.html"
},
{
"name": "2002-0085",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt"
},
{
"name": "lynx-crlf-injection(9887)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9887.php"
},
{
"name": "RHSA-2003:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-029.html"
},
{
"name": "20020822 Lynx CRLF Injection, part two",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103003793418021\u0026w=2"
},
{
"name": "20020819 Lynx CRLF Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102978118411977\u0026w=2"
},
{
"name": "5499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5499"
},
{
"name": "CSSA-2002-049.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt"
},
{
"name": "DSA-210",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1405",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2003-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:26:28.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0209 (GCVE-0-2000-0209)
Vulnerability from cvelistv5 – Published: 2000-04-10 04:00 – Updated: 2024-08-08 05:05
VLAI?
Summary
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2000-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:54.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0209",
"datePublished": "2000-04-10T04:00:00.000Z",
"dateReserved": "2000-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:05:54.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0817 (GCVE-0-1999-0817)
Vulnerability from cvelistv5 – Published: 2000-01-04 05:00 – Updated: 2024-08-01 16:48
VLAI?
Summary
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:38.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T08:01:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0817",
"datePublished": "2000-01-04T05:00:00.000Z",
"dateReserved": "1999-11-25T00:00:00.000Z",
"dateUpdated": "2024-08-01T16:48:38.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0371 (GCVE-0-1999-0371)
Vulnerability from cvelistv5 – Published: 1999-09-29 04:00 – Updated: 2024-08-01 16:34
VLAI?
Summary
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:34:51.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lynx allows a local user to overwrite sensitive files through /tmp symlinks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T07:24:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx allows a local user to overwrite sensitive files through /tmp symlinks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0371",
"datePublished": "1999-09-29T04:00:00.000Z",
"dateReserved": "1999-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-01T16:34:51.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2929 (GCVE-0-2005-2929)
Vulnerability from nvd – Published: 2005-11-18 11:00 – Updated: 2024-08-07 22:53
VLAI?
Summary
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2005-11-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17556"
},
{
"name": "18376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18376"
},
{
"name": "17666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17666"
},
{
"name": "15395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15395"
},
{
"name": "ADV-2005-2394",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2394"
},
{
"name": "17546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17546"
},
{
"name": "17576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17576"
},
{
"name": "OpenPKG-SA-2005.026",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
},
{
"name": "17757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17757"
},
{
"name": "oval:org.mitre.oval:def:9712",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9712"
},
{
"name": "20051110 Multiple Vendor Lynx Command Injection Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=338\u0026type=vulnerabilities"
},
{
"name": "lynx-lynxcgi-command-execute(23119)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23119"
},
{
"name": "FLSA:152832",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
},
{
"name": "GLSA-200511-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml"
},
{
"name": "18659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18659"
},
{
"name": "RHSA-2005:839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-839.html"
},
{
"name": "173",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/173"
},
{
"name": "18051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18051"
},
{
"name": "17512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17512"
},
{
"name": "SCOSA-2006.7",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
},
{
"name": "MDKSA-2005:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:211"
},
{
"name": "17372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17372"
},
{
"name": "SCOSA-2005.55",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt"
},
{
"name": "1015195",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17556"
},
{
"name": "18376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18376"
},
{
"name": "17666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17666"
},
{
"name": "15395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15395"
},
{
"name": "ADV-2005-2394",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2394"
},
{
"name": "17546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17546"
},
{
"name": "17576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17576"
},
{
"name": "OpenPKG-SA-2005.026",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
},
{
"name": "17757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17757"
},
{
"name": "oval:org.mitre.oval:def:9712",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9712"
},
{
"name": "20051110 Multiple Vendor Lynx Command Injection Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=338\u0026type=vulnerabilities"
},
{
"name": "lynx-lynxcgi-command-execute(23119)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23119"
},
{
"name": "FLSA:152832",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
},
{
"name": "GLSA-200511-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml"
},
{
"name": "18659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18659"
},
{
"name": "RHSA-2005:839",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-839.html"
},
{
"name": "173",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/173"
},
{
"name": "18051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18051"
},
{
"name": "17512",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17512"
},
{
"name": "SCOSA-2006.7",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
},
{
"name": "MDKSA-2005:211",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:211"
},
{
"name": "17372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17372"
},
{
"name": "SCOSA-2005.55",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt"
},
{
"name": "1015195",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17556"
},
{
"name": "18376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18376"
},
{
"name": "17666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17666"
},
{
"name": "15395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15395"
},
{
"name": "ADV-2005-2394",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2394"
},
{
"name": "17546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17546"
},
{
"name": "17576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17576"
},
{
"name": "OpenPKG-SA-2005.026",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
},
{
"name": "17757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17757"
},
{
"name": "oval:org.mitre.oval:def:9712",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9712"
},
{
"name": "20051110 Multiple Vendor Lynx Command Injection Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=338\u0026type=vulnerabilities"
},
{
"name": "lynx-lynxcgi-command-execute(23119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23119"
},
{
"name": "FLSA:152832",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
},
{
"name": "GLSA-200511-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml"
},
{
"name": "18659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18659"
},
{
"name": "RHSA-2005:839",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-839.html"
},
{
"name": "173",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/173"
},
{
"name": "18051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18051"
},
{
"name": "17512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17512"
},
{
"name": "SCOSA-2006.7",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
},
{
"name": "MDKSA-2005:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:211"
},
{
"name": "17372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17372"
},
{
"name": "SCOSA-2005.55",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt"
},
{
"name": "1015195",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015195"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2929",
"datePublished": "2005-11-18T11:00:00.000Z",
"dateReserved": "2005-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1617 (GCVE-0-2004-1617)
Vulnerability from nvd – Published: 2005-02-20 05:00 – Updated: 2024-08-08 01:00
VLAI?
Summary
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2004-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:36.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11443"
},
{
"name": "20041018 Web browsers - a mini-farce",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109811406620511\u0026w=2"
},
{
"name": "DSA-1077",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1077"
},
{
"name": "1011809",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011809"
},
{
"name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded"
},
{
"name": "DSA-1076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1076"
},
{
"name": "DSA-1085",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1085"
},
{
"name": "20041018 Web browsers - a mini-farce",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lcamtuf.coredump.cx/mangleme/gallery/"
},
{
"name": "20383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20383"
},
{
"name": "lynx-dos(17804)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11443"
},
{
"name": "20041018 Web browsers - a mini-farce",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109811406620511\u0026w=2"
},
{
"name": "DSA-1077",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1077"
},
{
"name": "1011809",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011809"
},
{
"name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded"
},
{
"name": "DSA-1076",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1076"
},
{
"name": "DSA-1085",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1085"
},
{
"name": "20041018 Web browsers - a mini-farce",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lcamtuf.coredump.cx/mangleme/gallery/"
},
{
"name": "20383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20383"
},
{
"name": "lynx-dos(17804)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11443"
},
{
"name": "20041018 Web browsers - a mini-farce",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109811406620511\u0026w=2"
},
{
"name": "DSA-1077",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1077"
},
{
"name": "1011809",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011809"
},
{
"name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded"
},
{
"name": "DSA-1076",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1076"
},
{
"name": "DSA-1085",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1085"
},
{
"name": "20041018 Web browsers - a mini-farce",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html"
},
{
"name": "http://lcamtuf.coredump.cx/mangleme/gallery/",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/mangleme/gallery/"
},
{
"name": "20383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20383"
},
{
"name": "lynx-dos(17804)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1617",
"datePublished": "2005-02-20T05:00:00.000Z",
"dateReserved": "2005-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:00:36.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1405 (GCVE-0-2002-1405)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:26
VLAI?
Summary
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2002-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2003:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023"
},
{
"name": "RHSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-030.html"
},
{
"name": "2002-0085",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt"
},
{
"name": "lynx-crlf-injection(9887)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9887.php"
},
{
"name": "RHSA-2003:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-029.html"
},
{
"name": "20020822 Lynx CRLF Injection, part two",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103003793418021\u0026w=2"
},
{
"name": "20020819 Lynx CRLF Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978118411977\u0026w=2"
},
{
"name": "5499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5499"
},
{
"name": "CSSA-2002-049.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt"
},
{
"name": "DSA-210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-21T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2003:023",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023"
},
{
"name": "RHSA-2003:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-030.html"
},
{
"name": "2002-0085",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt"
},
{
"name": "lynx-crlf-injection(9887)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9887.php"
},
{
"name": "RHSA-2003:029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-029.html"
},
{
"name": "20020822 Lynx CRLF Injection, part two",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103003793418021\u0026w=2"
},
{
"name": "20020819 Lynx CRLF Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978118411977\u0026w=2"
},
{
"name": "5499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5499"
},
{
"name": "CSSA-2002-049.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt"
},
{
"name": "DSA-210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2003:023",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023"
},
{
"name": "RHSA-2003:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-030.html"
},
{
"name": "2002-0085",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt"
},
{
"name": "lynx-crlf-injection(9887)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9887.php"
},
{
"name": "RHSA-2003:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-029.html"
},
{
"name": "20020822 Lynx CRLF Injection, part two",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103003793418021\u0026w=2"
},
{
"name": "20020819 Lynx CRLF Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102978118411977\u0026w=2"
},
{
"name": "5499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5499"
},
{
"name": "CSSA-2002-049.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt"
},
{
"name": "DSA-210",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1405",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2003-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:26:28.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0209 (GCVE-0-2000-0209)
Vulnerability from nvd – Published: 2000-04-10 04:00 – Updated: 2024-08-08 05:05
VLAI?
Summary
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2000-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:54.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0209",
"datePublished": "2000-04-10T04:00:00.000Z",
"dateReserved": "2000-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:05:54.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0817 (GCVE-0-1999-0817)
Vulnerability from nvd – Published: 2000-01-04 05:00 – Updated: 2024-08-01 16:48
VLAI?
Summary
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:38.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T08:01:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0817",
"datePublished": "2000-01-04T05:00:00.000Z",
"dateReserved": "1999-11-25T00:00:00.000Z",
"dateUpdated": "2024-08-01T16:48:38.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0371 (GCVE-0-1999-0371)
Vulnerability from nvd – Published: 1999-09-29 04:00 – Updated: 2024-08-01 16:34
VLAI?
Summary
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:34:51.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lynx allows a local user to overwrite sensitive files through /tmp symlinks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T07:24:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx allows a local user to overwrite sensitive files through /tmp symlinks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0371",
"datePublished": "1999-09-29T04:00:00.000Z",
"dateReserved": "1999-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-01T16:34:51.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}