CVE-2007-5034 Information
Description
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
Reference
http://bugzilla.elinks.cz/show_bug.cgi?id=937
http://secunia.com/advisories/26936
http://secunia.com/advisories/26949
http://secunia.com/advisories/26956
http://secunia.com/advisories/27038
http://secunia.com/advisories/27062
http://secunia.com/advisories/27125
http://secunia.com/advisories/27132
http://www.debian.org/security/2007/dsa-1380
http://www.redhat.com/support/errata/RHSA-2007-0933.html
http://www.securityfocus.com/archive/1/481606/100/0/threaded
http://www.securityfocus.com/bid/25799
http://www.securitytracker.com/id?1018764
http://www.ubuntu.com/usn/usn-519-1
http://www.vupen.com/english/advisories/2007/3278
https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018
https://bugzilla.redhat.com/show_bug.cgi?id=297981
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10335
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html