Home > Vulnerability Database > CVE-2007-5034

Mend.io Vulnerability Database

CVE-2007-5034

Date: September 21, 2007

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.

Severity Score

6.4

Related Resources (24)

Url: http://secunia.com/advisories/27062

Url: http://www.ubuntu.com/usn/usn-519-1

Url: http://www.redhat.com/support/errata/RHSA-2007-0933.html

Url: http://www.securityfocus.com/bid/25799

Url: http://secunia.com/advisories/27132

Url: https://bugzilla.redhat.com/show_bug.cgi?id=297981

Url: http://bugzilla.elinks.cz/show_bug.cgi?id=937

Url: http://www.securitytracker.com/id?1018764

Url: https://access.redhat.com/security/cve/CVE-2007-5034

Url: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html

Url: http://www.vupen.com/english/advisories/2007/3278

Url: http://secunia.com/advisories/26956

Url: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html

Url: http://secunia.com/advisories/26949

Url: http://www.debian.org/security/2007/dsa-1380

Url: http://secunia.com/advisories/26936

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-5034

Url: http://secunia.com/advisories/27125

Url: https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-5034

Url: http://www.securityfocus.com/archive/1/481606/100/0/threaded

Url: http://secunia.com/advisories/27038

Url: https://www.mend.io/vulnerability-database/CVE-2007-5034

Severity Score

6.4

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3

Base Score:	6.4
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE

CVSS v2

Base Score:	7.4
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-5034

Date: September 21, 2007

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?