// For flags

CVE-2004-1617

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-10-18 CVE Published
  • 2005-02-20 CVE Reserved
  • 2024-01-28 EPSS Updated
  • 2024-08-08 CVE Updated
  • 2024-08-08 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.7
Search vendor "University Of Kansas" for product "Lynx" and version "2.7"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8
Search vendor "University Of Kansas" for product "Lynx" and version "2.8"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.1
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.1"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.2_rel1
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.2_rel1"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.3
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.3"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.3_dev22
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.3_dev22"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.3_pre5
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.3_pre5"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.3_rel1
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.3_rel1"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.4
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.4"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.4_rel1
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.4_rel1"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.5
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.5"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.5_dev2
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.5_dev2"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.5_dev3
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.5_dev3"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.5_dev4
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.5_dev4"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.5_dev5
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.5_dev5"
-
Affected
University Of Kansas
Search vendor "University Of Kansas"
 Lynx
Search vendor "University Of Kansas" for product "Lynx"
 2.8.5_dev8
Search vendor "University Of Kansas" for product "Lynx" and version "2.8.5_dev8"
-
Affected