CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_kansas | lynx | 2.8.3_rel1 |
| university_of_kansas | lynx | 2.8.4 |
| university_of_kansas | lynx | 2.8.3 |
| elinks | elinks | 0.2.4 |
| links | links | 0.96 |
| university_of_kansas | lynx | 2.8.5_dev8 |
| university_of_kansas | lynx | 2.8.2_rel1 |
| elinks | elinks | 0.3.2 |
| university_of_kansas | lynx | 2.8.4_rel1 |
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| elinks | elinks | 0.12 |
| twibright | links | 2.3 |