CVE-2002-1405
lynx - CRLF injection
EPSS 13.1%
Description
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
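A pre-flight check for scripts that pass untrusted URLs to a command-line HTTP client, added here as an example (it is not code from this advisory or from the Lynx project). It rejects raw or percent-encoded CR, LF and other whitespace or control bytes; the function names, the three-round decode limit and the sample URLs are assumptions, and the policy is deliberately strict (it also refuses `%20`).

```python
import re
from urllib.parse import unquote_to_bytes

# C0 control characters (CR, LF, TAB, NUL, ...), space and DEL.
FORBIDDEN = re.compile(rb"[\x00-\x20\x7f]")
MAX_DECODE_ROUNDS = 3  # assumption: bounds nested encodings such as %250a


def forbidden_bytes(url):
    """Return (decode_depth, offset, byte) for each forbidden byte found.

    Depth 0 is the URL as given; depth n is the URL after n rounds of
    percent-decoding. Scanning stops at the first depth that has a finding.
    Raises ValueError if the URL is still encoded after the last round.
    """
    data = url.encode("utf-8", "surrogateescape")
    for depth in range(MAX_DECODE_ROUNDS + 1):
        hits = [(depth, m.start(), m.group()[0]) for m in FORBIDDEN.finditer(data)]
        if hits:
            return hits
        decoded = unquote_to_bytes(data)
        if decoded == data:  # nothing left to decode, URL is clean
            return []
        data = decoded
    raise ValueError("URL still percent-encoded after maximum decode rounds")


def is_safe_for_cli(url):
    """True only when no raw or encoded whitespace/control byte is present."""
    try:
        return not forbidden_bytes(url)
    except ValueError:
        return False  # fail closed on suspiciously deep encoding


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "http://example.test/index.html",
    "http://example.test/%0d%0aX-Injected:%20yes",
    "http://example.test/%250aX-Injected:yes",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("ok    " if is_safe_for_cli(s) else "reject", s)
```

A check like this belongs in front of any wrapper that builds a command line from user input; it complements the package upgrade and does not replace it.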
How to fix CVE-2002-1405
To remediate CVE-2002-1405, upgrade the affected package to one of the fixed versions listed below.
- Debian/lynx—upgrade to 2.8.4.1b-4 or later
- Debian/lynx—upgrade to 2.8.3-1.1 or later
- Debian/lynx-ssl—upgrade to 2.8.3.1-1.1 or later
Is CVE-2002-1405 being exploited?
Moderate — EPSS is 13.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- Debian/lynx: from 0, < 2.8.4.1b-4
- Debian/lynx: from 0, < 2.8.3-1.1
- Debian/lynx-ssl: from 0, < 2.8.3.1-1.1