CVE-2007-5034

Priority
Description
ELinks before 0.11.3, when sending a POST request for an https URL, appends
the body and content headers of the POST request to the CONNECT request in
cleartext, which allows remote attackers to sniff sensitive data that would
have been protected by TLS. NOTE: this issue only occurs when a proxy is
defined for https.
Ubuntu-Description
Kalle Olavi Niemitalo discovered that if elinks makes a POST request
to an HTTPS URL through a proxy, information may be sent in clear-text
between elinks and the proxy. Attackers with access to the network
could steal sensitive information (such as passwords).
Notes
jdstrand0.11.3 and higher not vulnerable
Package
Upstream:released (0.11.3)
More Information

Updated: 2020-09-10 00:13:08 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)