CVE-2007-5034

N/A Unknown

Published: September 21, 2007 Modified: April 23, 2026

Description

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugzilla.elinks.cz/show_bug.cgi?id=937

Source: security@ubuntu.com

http://secunia.com/advisories/26936

Source: security@ubuntu.com

http://secunia.com/advisories/26949

Source: security@ubuntu.com

http://secunia.com/advisories/26956

Source: security@ubuntu.com

http://secunia.com/advisories/27038

Source: security@ubuntu.com

http://secunia.com/advisories/27062

Source: security@ubuntu.com

http://secunia.com/advisories/27125

Source: security@ubuntu.com

http://secunia.com/advisories/27132

Source: security@ubuntu.com

http://www.debian.org/security/2007/dsa-1380

Source: security@ubuntu.com

http://www.redhat.com/support/errata/RHSA-2007-0933.html

Source: security@ubuntu.com

http://www.securityfocus.com/archive/1/481606/100/0/threaded

Source: security@ubuntu.com

http://www.securityfocus.com/bid/25799

Source: security@ubuntu.com

http://www.securitytracker.com/id?1018764

Source: security@ubuntu.com

http://www.ubuntu.com/usn/usn-519-1

Source: security@ubuntu.com

http://www.vupen.com/english/advisories/2007/3278

Source: security@ubuntu.com

https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018

Source: security@ubuntu.com

https://bugzilla.redhat.com/show_bug.cgi?id=297981

Source: security@ubuntu.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335

Source: security@ubuntu.com

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html

Source: security@ubuntu.com

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html

Source: security@ubuntu.com

http://bugzilla.elinks.cz/show_bug.cgi?id=937

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26936

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26949

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26956

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27038

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27062

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27125

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27132

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2007/dsa-1380

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-0933.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/481606/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25799

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1018764

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-519-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3278

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=297981

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html

Source: af854a3a-2127-422b-91ae-364da2661108

40 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

2.6%

83th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

elinks

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1