CVE-2007-5034

elinks reveals POST data to HTTPS proxy

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.

ELinks anterior a la versión 0.11.3, cuando envía una petición POST para un URL https, añade el cuerpo y cabeceras de contenido de la petición POST a la petición CONNECT en texto plano, lo que permite a atacantes remotos recoger (sniff) datos sensible que deberían de haberse protegido con TLS. NOTA: esta vulnerabilidad sólo ocurre cuando el proxy está definido por https.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-09-21 CVE Reserved
2007-09-21 CVE Published
2024-08-07 CVE Updated
2024-09-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (22)

URL	Tag	Source
http://bugzilla.elinks.cz/show_bug.cgi?id=937	X_refsource_confirm
http://secunia.com/advisories/26936	Third Party Advisory
http://secunia.com/advisories/26949	Third Party Advisory
http://secunia.com/advisories/26956	Third Party Advisory
http://secunia.com/advisories/27038	Third Party Advisory
http://secunia.com/advisories/27062	Third Party Advisory
http://secunia.com/advisories/27125	Third Party Advisory
http://secunia.com/advisories/27132	Third Party Advisory
http://www.securityfocus.com/archive/1/481606/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/25799	Vdb Entry
http://www.securitytracker.com/id?1018764	Vdb Entry
http://www.vupen.com/english/advisories/2007/3278	Vdb Entry
https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018	X_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=297981	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.debian.org/security/2007/dsa-1380	2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0933.html	2018-10-15
http://www.ubuntu.com/usn/usn-519-1	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html	2018-10-15
https://access.redhat.com/security/cve/CVE-2007-5034	2007-10-03
https://bugzilla.redhat.com/show_bug.cgi?id=297611	2007-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Elinks Search vendor "Elinks"		Elinks Search vendor "Elinks" for product "Elinks"				<= 0.11.1 Search vendor "Elinks" for product "Elinks" and version " <= 0.11.1"		-		Affected
Elinks Search vendor "Elinks"		Elinks Search vendor "Elinks" for product "Elinks"				<= 0.11.2 Search vendor "Elinks" for product "Elinks" and version " <= 0.11.2"		-		Affected