Red Hat Bugzilla – Bug 82906
Last modified: 2007-11-30 17:06:52 EST
Description of problem:
lynx is vulnerable to CRLF injection:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. lynx "http://www.redhat.com HTTP/1.0
Microsoft's front page.
Created attachment 90035
Better test case
Use this test procedure instead.
2. Examine output. Fail if any of the numbered output lines are 'Host: www.redhat.com' (the script will say 'FAIL' too).
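The pass/fail check from the test procedure above, sketched as an added example; it is not the attachment, not part of this report, and not lynx code. It builds one request the vulnerable way (URL text pasted verbatim) and one the hardened way (host validated, path percent-encoded). Assumptions: the helper names, the `localhost:8000` listener address, and that `Host: www.redhat.com` is the header the test URL tries to inject.

```python
# Added example: hypothetical helpers, not lynx code and not the Bugzilla attachment.
import re
from urllib.parse import quote

MARKER = "Host: www.redhat.com"  # line the page's test procedure looks for
# Constructed URL: a space and CRLFs after the path smuggle in an extra header.
CONSTRUCTED_URL = "http://localhost:8000/ HTTP/1.0\r\n" + MARKER + "\r\n\r\n"

def split_http_url(url):
    """Split 'http://host/path' into (host, path) with no sanitising."""
    if not url.startswith("http://"):
        raise ValueError("only http:// URLs are handled in this example")
    host, _, path = url[len("http://"):].partition("/")
    return host, "/" + path

def naive_request(url):
    """Vulnerable pattern: URL text is pasted into the request verbatim."""
    host, path = split_http_url(url)
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n"

def safe_request(url):
    """Hardened pattern: validate the host, percent-encode the path."""
    host, path = split_http_url(url)
    if not re.fullmatch(r"[A-Za-z0-9.-]+(:\d{1,5})?", host):
        raise ValueError("invalid characters in host")
    # quote() turns space, CR and LF into %20, %0D and %0A.
    encoded = quote(path, safe="/?&=;:@%+,~")
    return f"GET {encoded} HTTP/1.0\r\nHost: {host}\r\n\r\n"

def numbered_lines(request):
    """What a logging listener would record: (line number, line) pairs."""
    return list(enumerate(request.split("\r\n"), start=1))

def verdict(request):
    """FAIL if the marker arrived as a header line of its own."""
    hit = any(line == MARKER for _, line in numbered_lines(request))
    return "FAIL" if hit else "PASS"

if __name__ == "__main__":
    for build in (naive_request, safe_request):
        print(build.__name__, verdict(build(CONSTRUCTED_URL)))
```
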
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.