CVE-2002-1405

EPSS 13.1%

lynx - CRLF injection

Published: 2/19/2003Modified: 4/28/2026

Description

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

Affected packages (3)

Debian/lynxfrom 0, < 2.8.4.1b-4
Debian/lynxfrom 0, < 2.8.3-1.1
Debian/lynx-sslfrom 0, < 2.8.3.1-1.1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2002-1405