CVE-2007-5034

ELinks < 0.11.3 - Sensitive Data Exposure via HTTPS Proxy CONNECT Request

Title source: llm
STIX 2.1

Description

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.

References (20)

Core 20
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=297981
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-519-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26956
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335
Issue Tracking x_refsource_confirm
http://bugzilla.elinks.cz/show_bug.cgi?id=937
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27062
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27125
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1380
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26936
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0933.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481606/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018764
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25799
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3278
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27132
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26949
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27038

Scores

EPSS 0.0260
EPSS Percentile 83.5%

Details

CWE
CWE-200
Status published
Products (1)
elinks/elinks < 0.11.1
Published Sep 21, 2007
Tracked Since Feb 18, 2026