CVE-2007-5034

Name: CVE-2007-5034
Description: ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1380-1
Debian Bugs: 443914

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| elinks (PTS) | bookworm, bullseye | 0.13.2-1 | fixed |
| elinks (PTS) | sid, trixie | 0.17.0-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| elinks | source | etch | 0.11.1-1.2etch1 | | DSA-1380-1 | |
| elinks | source | (unstable) | 0.11.1-1.5 | low | | 443914 |
