CVE-2004-1617

Published Oct 18, 2004

Last updated 6 years ago

CVSS info 5.0

Overview

Description: Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E01953FC-9DA9-4C14-9989-6A81AA2B42E8"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08198583-325B-42B7-8856-14C864838AE7"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "634EEA7F-6A30-4044-80EC-68119306B350"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.2_rel1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0387441-C971-487A-8379-1F2B91CD6EC9"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DA626DE-D9B2-4764-80AA-7D4F499184F4"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.3_dev22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD071013-25ED-4898-B603-2D3C97059357"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.3_pre5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DB0DABE-3798-466D-9C2E-AC9CB38AA75F"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.3_rel1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7680912-C6C7-44BD-AD1B-0828E4F03482"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6033263D-6B30-4002-B9F5-4062FD09B815"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.4_rel1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCD15F97-2B1A-4C28-B5BC-6B6A6E389831"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBA62F01-C6E9-4A3D-806A-AED37BF452C0"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83165BE0-829E-4CAC-A68B-6578F925EB3C"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69027905-81EC-4778-A1C9-3F848618EDD8"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0801AD2E-7EE0-45F2-9BC1-028E38EA93F1"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E19D9AA-BE49-497E-807E-B020463BF8FD"
          },
          {
            "criteria": "cpe:2.3:a:university_of_kansas:lynx:2.8.5_dev8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79AB7C16-A5E4-4D7F-B879-5E13917449C3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References