CVE-2007-5034

Name: CVE-2007-5034
Description: ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1380-1
NVD severity: medium (attack range: remote)
Debian Bugs: 443914

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| elinks (PTS) | wheezy | 0.12~pre5-9 | fixed |
| | jessie | 0.12~pre6-5 | fixed |
| | buster, sid, stretch | 0.12~pre6-12 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| elinks | source | (unstable) | 0.11.1-1.5 | low | | 443914 |
| elinks | source | etch | 0.11.1-1.2etch1 | medium | DSA-1380-1 | |
