← Back

CVE-2002-1405

nvd nist
Published: Feb 19, 2003Modified: Apr 16, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

Affected (9)

Elinks
1 product
Elinks
Links
1 product
Links
University Of Kansas
1 product
Lynx
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Elinks
Elinks
Version 0.2.4
Elinks
Version 0.3.2
Links
Version 0.96
Lynx
Version 2.8.2_rel1
Lynx
Version 2.8.3
Lynx
Version 2.8.3_rel1
Lynx
Version 2.8.4
Lynx
Version 2.8.4_rel1
Lynx
Version 2.8.5_dev8

References (20)

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt (unsafe URL)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt (unsafe URL)
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.