exploits , vulnerabilities , articles , Lynx Command Line URL CRLF Injection Vulnerability

Title	Lynx Command Line URL CRLF Injection Vulnerability
Published	2002-08-19-12:00AM
Updated	2003-08-11-10:19PM
Class	Input Validation Error
CVE	CAN-2002-1405 CVE-2002-1405
Remote	Yes
Local	No
Credit	Discovery credited to Ulf Harnhammar <ulfh@update.uu.se>.
Vulnerable	University of Kansas Lynx 2.8.5 dev.8 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.1 MandrakeSoft Linux Mandrake 8.1 ia64 MandrakeSoft Linux Mandrake 8.2 MandrakeSoft Linux Mandrake 8.2 ppc MandrakeSoft Linux Mandrake 9.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Single Network Firewall 7.2 University of Kansas Lynx 2.8.4 rel.1 University of Kansas Lynx 2.8.4 Caldera OpenLinux Server 3.1 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Workstation 3.1 Caldera OpenLinux Workstation 3.1.1 Conectiva Linux 7.0 Conectiva Linux 8.0 Debian Linux 3.0 RedHat Linux for iSeries 7.1 RedHat Linux for pSeries 7.1 Sun Linux 5.0.6 Trustix Secure Linux 1.1 Trustix Secure Linux 1.2 Trustix Secure Linux 1.5 University of Kansas Lynx 2.8.3 rel.1 University of Kansas Lynx 2.8.3 Debian Linux 2.2 University of Kansas Lynx 2.8.2 rel.1 Links Links 0.96 ELinks ELinks 0.3.2 ELinks ELinks 0.2.4
Not Vulnerable	ELinks ELinks 0.4 pre15
Code	The following exploit has been provided by Ulf Harnhammar <ulfh@update.uu.se>: /data/vulnerabilities/exploits/lynx-crlf.pl
TXT