Vulnerability Details : CVE-2002-1405
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
Exploit prediction scoring system (EPSS) score for CVE-2002-1405
Probability of exploitation activity in the next 30 days: 4.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 %
CVSS scores for CVE-2002-1405
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
References for CVE-2002-1405
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
- http://www.securityfocus.com/bid/5499
- http://marc.info/?l=bugtraq&m=103003793418021&w=2
- http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
- http://marc.info/?l=bugtraq&m=102978118411977&w=2
- http://www.redhat.com/support/errata/RHSA-2003-030.html
- http://www.debian.org/security/2002/dsa-210 (Patch; Vendor Advisory)
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
- http://www.redhat.com/support/errata/RHSA-2003-029.html
- http://www.iss.net/security_center/static/9887.php (Patch; Vendor Advisory)
Products affected by CVE-2002-1405
- cpe:2.3:a:university_of_kansas:lynx:2.8.2_rel1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.4_rel1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev8:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.3_rel1:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:elinks:elinks:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:elinks:elinks:0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:links:links:0.96:*:*:*:*:*:*:*