CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_kansas | lynx | 2.8.4_rel1 |
| university_of_kansas | lynx | 2.8.3 |
| university_of_kansas | lynx | 2.8.3_rel1 |
| university_of_kansas | lynx | 2.8.2_rel1 |
| university_of_kansas | lynx | 2.8.4 |
| elinks | elinks | 0.2.4 |
| links | links | 0.96 |
| university_of_kansas | lynx | 2.8.5_dev8 |
| elinks | elinks | 0.3.2 |
Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| links | links | 0.98 |
| links | links | 0.93 |
| links | links | 0.99 |
| links | links | 0.97 |
| links | links | 0.91 |
| links | links | 0.94 |
| links | links | 0.96 |
| links | links | 0.95 |
| links | links | 0.92 |