CVE-2002-1405

Lynx <2.8.4 - CRLF Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1405. PoCs published by Ulf Harnhammar.

AI-analyzed exploit summary: This exploit demonstrates a CRLF injection vulnerability in Lynx, allowing an attacker to inject additional HTTP headers into a request. By manipulating the 'Host' header, the attacker can cause the request to be served as if made to a different domain.

Description

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ulf Harnhammar · perl · remote · linux
https://www.exploit-db.com/exploits/21722

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Lynx versions 2.8.4rel.1, 2.8.5dev.8, 2.8.3rel.1, 2.8.2rel.1
No auth needed
Prerequisites: Lynx browser installed · Command line access to execute Lynx
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Various Sources vendor-advisory x_refsource_mandrake
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-030.html
Various Sources vendor-advisory x_refsource_trustix
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9887.php
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-029.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103003793418021&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102978118411977&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5499
Various Sources vendor-advisory x_refsource_caldera
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-210

Scores

EPSS 0.0504
EPSS Percentile 91.2%

Details

Status published
Products (9)
elinks/elinks 0.2.4
elinks/elinks 0.3.2
links/links 0.96
university_of_kansas/lynx 2.8.2_rel1
university_of_kansas/lynx 2.8.3
university_of_kansas/lynx 2.8.3_rel1
university_of_kansas/lynx 2.8.4
university_of_kansas/lynx 2.8.4_rel1
university_of_kansas/lynx 2.8.5_dev8
Published Feb 19, 2003
Tracked Since Feb 18, 2026