Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.51200
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2003:030
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory RHSA-2003:030.

Updated Lynx packages fix an error in the way Lynx parses its command line
arguments which can lead to faked headers being sent to a Web server.

Lynx is a character-cell Web browser, suitable for running on terminals
such as the VT100.

Lynx constructs its HTTP queries from the command line (or WWW_HOME
environment variable) without regard to special characters such as carriage
returns or linefeeds. When given a URL containing such special characters,
extra headers could be inserted into the request. This could cause scripts
using Lynx to fetch data from the wrong site from servers with virtual hosting.

Users of Lynx are advised to upgrade to these erratum packages which
contain a patch to correct this isssue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-030.html
http://www.mail-archive.com/bugtraq@securityfocus.com/msg08897.html

Risk factor : Medium

CVSS Score:
5.0

Querverweis: BugTraq ID: 5499
Common Vulnerability Exposure (CVE) ID: CVE-2002-1405
http://www.securityfocus.com/bid/5499
Bugtraq: 20020819 Lynx CRLF Injection (Google Search)
http://marc.info/?l=bugtraq&m=102978118411977&w=2
Bugtraq: 20020822 Lynx CRLF Injection, part two (Google Search)
http://marc.info/?l=bugtraq&m=103003793418021&w=2
Caldera Security Advisory: CSSA-2002-049.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
Debian Security Information: DSA-210 (Google Search)
http://www.debian.org/security/2002/dsa-210
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
http://www.redhat.com/support/errata/RHSA-2003-029.html
http://www.redhat.com/support/errata/RHSA-2003-030.html
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
http://www.iss.net/security_center/static/9887.php
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.