Back to search
CVE-2007-5034
Published: Sep 21, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
26956
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:10335
vdb-entry
signature
x_refsource_OVAL
http://bugzilla.elinks.cz/show_bug.cgi?id=937
x_refsource_CONFIRM
27062
third-party-advisory
x_refsource_SECUNIA
FEDORA-2007-2224
vendor-advisory
x_refsource_FEDORA
27125
third-party-advisory
x_refsource_SECUNIA
DSA-1380
vendor-advisory
x_refsource_DEBIAN
26936
third-party-advisory
x_refsource_SECUNIA
RHSA-2007:0933
vendor-advisory
x_refsource_REDHAT
20071005 rPSA-2007-0209-1 elinks
mailing-list
x_refsource_BUGTRAQ
https://bugzilla.redhat.com/show_bug.cgi?id=297981
x_refsource_CONFIRM
1018764
vdb-entry
x_refsource_SECTRACK
https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018
x_refsource_CONFIRM
FEDORA-2007-710
vendor-advisory
x_refsource_FEDORA
25799
vdb-entry
x_refsource_BID
USN-519-1
vendor-advisory
x_refsource_UBUNTU
ADV-2007-3278
vdb-entry
x_refsource_VUPEN
27132
third-party-advisory
x_refsource_SECUNIA
26949
third-party-advisory
x_refsource_SECUNIA
27038
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now