|
|
CVE Reference: CVE-2007-5034 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-5034 |
|
|
Description: ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https. |
|
|
CVE Status: Candidate |
|
|
References: UBUNTU http://www.ubuntu.com/usn/usn-519-1 ST 1018764 SAID Secunia Advisory: SA26936 Secunia Advisory: SA26956 Secunia Advisory: SA26949 Secunia Advisory: SA27062 Secunia Advisory: SA27125 Secunia Advisory: SA27132 Secunia Advisory: SA27038 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0933.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10335 FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1380 CONFIRM http://bugzilla.elinks.cz/show_bug.cgi?id=937 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/481606/100/0/threaded BID 25799 |
|
| Return to the previous page. |
