CVE-2002-1405
published 2003-02-19
CVE-2002-1405: CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the…
Priority P425 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.04% (91.2th percentile)
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lynx | < lynx 2.8.4.1b-4 (bookworm) | lynx 2.8.4.1b-4 (bookworm) |
| elinks | elinks | — | — |
| elinks | elinks | — | — |
| links | links | — | — |
| university_of_kansas | lynx | — | — |
| university_of_kansas | lynx | — | — |
| university_of_kansas | lynx | — | — |
| university_of_kansas | lynx | — | — |
| university_of_kansas | lynx | — | — |
| university_of_kansas | lynx | — | — |
| university_of_kansas | lynx | >= 0 < 2.8.4.1b-4 | 2.8.4.1b-4 |
| university_of_kansas | lynx | >= 0 < 2.8.4.1b-4 | 2.8.4.1b-4 |
| university_of_kansas | lynx | >= 0 < 2.8.4.1b-4 | 2.8.4.1b-4 |
| university_of_kansas | lynx | >= 0 < 2.8.4.1b-4 | 2.8.4.1b-4 |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
osv · 5.0 · MEDIUM
vendor_debian · 5.0 · MEDIUM
vendor_redhat · 5.0 · MEDIUM
Red Hat
security flaw
vendor_redhat·2002-08-19·CVSS 5.0
Debian
CVE-2002-1405: lynx - CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers t...
vendor_debian·2002·CVSS 5.0
Scope: local
bookworm: resolved (fixed in 2.8.4.1b-4)
bullseye: resolved (fixed in 2.8.4.1b-4)
forky: resolved (fixed in 2.8.4.1b-4)
sid: resolved (fixed in 2.8.4.1b-4)
trixie: resolved (fixed in 2.8.4.1b-4)
GHSA
GHSA-27fc-4jc3-pjvm: CRLF injection vulnerability in Lynx 2
ghsa_unreviewed·2022-05-03
OSV
CVE-2002-1405: CRLF injection vulnerability in Lynx 2
osv·2003-02-19·CVSS 5.0
No detection rules found.
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
http://marc.info/?l=bugtraq&m=102978118411977&w=2
http://marc.info/?l=bugtraq&m=103003793418021&w=2
http://www.debian.org/security/2002/dsa-210
http://www.iss.net/security_center/static/9887.php
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
http://www.redhat.com/support/errata/RHSA-2003-029.html
http://www.redhat.com/support/errata/RHSA-2003-030.html
http://www.securityfocus.com/bid/5499
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
Published: 2003-02-19