CVE-2004-1617

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-1617
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html Vendor Advisory
http://lcamtuf.coredump.cx/mangleme/gallery/ Vendor Advisory
http://www.securityfocus.com/bid/11443 Exploit Vendor Advisory
http://securitytracker.com/id?1011809
http://www.debian.org/security/2006/dsa-1077
http://www.debian.org/security/2006/dsa-1076
http://www.debian.org/security/2006/dsa-1085
http://secunia.com/advisories/20383 Vendor Advisory
http://marc.info/?l=bugtraq&m=109811406620511&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17804
http://www.securityfocus.com/archive/1/435689/30/4740/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:university_of_kansas:lynx:2.8.3_dev22:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.3_pre5:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev4:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev5:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.7:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.4_rel1:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.2_rel1:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev8:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev3:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.3_rel1:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev2:*:*:*:*:*:*:*
Information

Published : 2004-10-17 21:00

Updated : 2018-10-19 08:30

NVD link : CVE-2004-1617

Mitre link : CVE-2004-1617

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

university_of_kansas

  • lynx