CVE-2007-5034
ELinks < 0.11.3 - Sensitive Data Exposure via HTTPS Proxy CONNECT Request
Title source: llmDescription
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
References (20)
Core 20
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=297981
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-519-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26956
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335
Issue Tracking x_refsource_confirm
http://bugzilla.elinks.cz/show_bug.cgi?id=937
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27062
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27125
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1380
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26936
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0933.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481606/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018764
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25799
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3278
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27132
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26949
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27038
Scores
EPSS
0.0260
EPSS Percentile
83.5%
Details
CWE
CWE-200
Status
published
Products (1)
elinks/elinks
< 0.11.1
Published
Sep 21, 2007
Tracked Since
Feb 18, 2026