Candidate: CVE-2016-9179 PublicDate: 2016-12-22 21:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9179 http://www.openwall.com/lists/oss-security/2016/11/03/4 Description: lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. Ubuntu-Description: It was discovered that Lynx incorrectly handled certain URLs. A remote attacker could possibly use this issue to connect to a different host. Notes: ratliff> note that the URL must end in / or the attack won't work Bugs: Priority: low Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH] Patches_lynx-cur: upstream_lynx-cur: needs-triage precise_lynx-cur: ignored (reached end-of-life) precise/esm_lynx-cur: DNE (precise was needed) trusty_lynx-cur: ignored (reached end-of-life) trusty/esm_lynx-cur: DNE (trusty was needed) vivid/stable-phone-overlay_lynx-cur: DNE vivid/ubuntu-core_lynx-cur: DNE xenial_lynx-cur: DNE yakkety_lynx-cur: DNE zesty_lynx-cur: DNE artful_lynx-cur: DNE bionic_lynx-cur: DNE cosmic_lynx-cur: DNE disco_lynx-cur: DNE eoan_lynx-cur: DNE focal_lynx-cur: DNE groovy_lynx-cur: DNE hirsute_lynx-cur: DNE impish_lynx-cur: DNE jammy_lynx-cur: DNE devel_lynx-cur: DNE Patches_lynx: upstream_lynx: needs-triage precise_lynx: DNE precise/esm_lynx: DNE trusty_lynx: DNE trusty/esm_lynx: DNE vivid/stable-phone-overlay_lynx: DNE vivid/ubuntu-core_lynx: DNE xenial_lynx: ignored (end of standard support, was needed) yakkety_lynx: ignored (reached end-of-life) zesty_lynx: ignored (reached end-of-life) artful_lynx: ignored (reached end-of-life) bionic_lynx: not-affected (2.8.9dev11-1) cosmic_lynx: not-affected (2.8.9dev11-1) disco_lynx: not-affected (2.8.9dev11-1) eoan_lynx: not-affected (2.8.9dev11-1) focal_lynx: not-affected (2.8.9dev11-1) groovy_lynx: not-affected (2.8.9dev11-1) hirsute_lynx: not-affected (2.8.9dev11-1) impish_lynx: not-affected (2.8.9dev11-1) jammy_lynx: not-affected (2.8.9dev11-1) devel_lynx: not-affected (2.8.9dev11-1)