
lynx CRLF injection vulnerability
25th Feb 2003 [SBWID-6023]


	From Mandrake Linux Security Update Advisory [MDKSA-2003:023]

	A vulnerability was discovered in lynx, a text-mode web browser. The
	HTTP queries that lynx constructs are from arguments on the command
	line or the $WWW_HOME environment variable, but lynx does not properly
	sanitize special characters such as carriage returns or linefeeds.
	Extra headers can be inserted into the request because of this, which
	can cause scripts that use lynx to fetch data from the wrong site from
	servers that use virtual hosting.


	Updates available, check your distro
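
An added example, not part of the advisory or of lynx: a guard that a shell script can apply to a URL and to $WWW_HOME before handing them to lynx, refusing the carriage returns and linefeeds described above. The function names, the refusal of spaces and percent-encoded CR/LF, and the http/https allow-list are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from lynx or from the advisory.

# url_is_clean URL: return 0 only if URL contains nothing that could
# end the HTTP request line or start a new header line.
url_is_clean() {
    url=$1
    [ -n "$url" ] || return 1
    case $url in
        # Any ASCII control character, which covers CR, LF, TAB and DEL.
        *[[:cntrl:]]*) return 1 ;;
        # Assumption: raw spaces are refused; valid URLs encode them.
        *' '*) return 1 ;;
        # Assumption: percent-encoded CR/LF refused as defense in depth.
        *%0[dDaA]*) return 1 ;;
    esac
    # Assumption: the calling script only ever fetches http(s) URLs.
    case $url in
        http://?*|https://?*) return 0 ;;
    esac
    return 1
}

# lynx_inputs_ok URL: check both inputs the advisory names, the
# command-line argument and $WWW_HOME (when it is set and non-empty).
lynx_inputs_ok() {
    url_is_clean "$1" || return 1
    if [ -n "${WWW_HOME-}" ]; then
        url_is_clean "$WWW_HOME" || return 1
    fi
    return 0
}

# fetch_page URL: run lynx only after both inputs pass the check.
fetch_page() {
    if ! lynx_inputs_ok "$1"; then
        echo "fetch_page: refusing unsafe URL or WWW_HOME" >&2
        return 2
    fi
    lynx -dump "$1"
}
```

A script would call fetch_page in place of a direct lynx invocation and treat exit status 2 as a rejected input.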
