CVE-2002-1405: CVE-2002-1405

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2002-1405

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Lynx命令行URL CRLF注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Lynx是一款纯文字网页浏览器。 Lynx在被命令行方式调用的时候，由于对回车和换行符缺少正确处理，远程攻击者可以利用这个漏洞增加HTTP头信息操作HTTP请求信息。当URL使用以命令行方式给出或者在WWW_HOME环境变量中，Lynx不会删除或者在构建HTTP下查询前对一些危险的字符如空格，TAB，CR和LF进行编码，这表示攻击者可以通过在正常URL后增加空格+"HTTP/1.0" + CRLF + 部分头信息 + CRLF + CRLF来重新构建URL并发送任意伪造的HTTP头。当程序启动Lynx

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2002-1405

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2002-1405

Please Login to view more intelligence information

http://www.securityfocus.com/bid/5499vdb-entryx_refsource_BID
http://www.debian.org/security/2002/dsa-210vendor-advisoryx_refsource_DEBIAN
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txtvendor-advisoryx_refsource_TRUSTIX
http://www.redhat.com/support/errata/RHSA-2003-029.htmlvendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2003-030.htmlvendor-advisoryx_refsource_REDHAT
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023vendor-advisoryx_refsource_MANDRAKE
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txtvendor-advisoryx_refsource_CALDERA
http://www.iss.net/security_center/static/9887.phpvdb-entryx_refsource_XF
http://marc.info/?l=bugtraq&m=102978118411977&w=2mailing-listx_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=103003793418021&w=2mailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2002-1405

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2002-1405

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2002-1405

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2002-1405

III. Intelligence Information for CVE-2002-1405

New Vulnerabilities

V. Comments for CVE-2002-1405

Leave a comment