CVE-2007-5034

Impact:
Moderate
Public Date:
2007-02-24
Bugzilla:
297611: CVE-2007-5034 elinks reveals POST data to HTTPS proxy

The MITRE CVE dictionary describes this issue as:

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.

Find out more about CVE-2007-5034 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 4 (elinks) RHSA-2007:0933 2007-10-03
Red Hat Enterprise Linux 5 (elinks) RHSA-2007:0933 2007-10-03
Last Modified

CVE description copyright © 2017, The MITRE Corporation