CVE-2012-4545

EPSS 0.47%

elinks - programming error

Published: 1/3/2013Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-4545

Description

The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.

Affected packages (2)

Debian/elinksfrom 0, < 0.12~pre5-9
Debian/elinksfrom 0, < 0.12~pre5-2+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-4545