PT-2007-6139 · Elinks+1
Published: 2007-09-21 · Updated: 2018-10-15
CVE-2007-5034
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ELinks versions prior to 0.11.3
Description
The issue allows remote attackers to sniff sensitive data that would have been protected by TLS when sending a POST request for an https URL. This occurs because the body and content headers of the POST request are appended to the CONNECT request in cleartext. The issue is specific to scenarios where a proxy is defined for https.
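A proxy-side check for the condition described above, as an added example (not ELinks or vendor code): it flags a CONNECT request that carries Content-* headers or non-TLS bytes after its header block. The function names, host name and sample requests are constructed for illustration, and treating any non-TLS trailing bytes as leaked cleartext is an assumption.

```python
# Added example: audit client-to-proxy bytes for POST content attached to CONNECT.
# All sample requests below are constructed for illustration, not captured traffic.

# TLS record content types: ChangeCipherSpec, Alert, Handshake, ApplicationData
TLS_RECORD_TYPES = {0x14, 0x15, 0x16, 0x17}


def looks_like_tls(data: bytes) -> bool:
    """True if data starts like a TLS record (content type + 0x03 major version)."""
    return len(data) >= 3 and data[0] in TLS_RECORD_TYPES and data[1] == 0x03


def audit_connect(raw: bytes) -> list[str]:
    """Return findings for one request sent to the proxy; empty list means clean."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0].upper() != b"CONNECT":
        return []  # only CONNECT requests are in scope
    findings = []
    for line in lines[1:]:
        name = line.partition(b":")[0].strip().lower()
        # CONNECT only sets up the tunnel; entity headers belong inside it.
        if name.startswith(b"content-"):
            findings.append("content header on CONNECT: " + name.decode("latin-1"))
    # After the header block the tunnel should carry TLS records only.
    if sep and rest and not looks_like_tls(rest):
        findings.append(f"{len(rest)} cleartext bytes after CONNECT headers")
    return findings


# Constructed sample: form body and content headers appended to CONNECT.
LEAKY = (b"CONNECT shop.example:443 HTTP/1.1\r\n"
         b"Host: shop.example:443\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-Length: 27\r\n\r\n"
         b"user=alice&password=hunter2")

# Constructed sample: a well-formed CONNECT with nothing but tunnel setup.
CLEAN = (b"CONNECT shop.example:443 HTTP/1.1\r\n"
         b"Host: shop.example:443\r\n\r\n")

if __name__ == "__main__":
    for label, sample in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, audit_connect(sample))
```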
Recommendations
For versions prior to 0.11.3, update to version 0.11.3 or later to resolve the issue.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Elinks
Red Hat