[1]CVE

   [2](BUTTON) CVE List▾
   [3]CVE List Search [4]Search Tips [5]CVE Request Web Form [6]Web Form Help [7]PGP
   Key [8]CVE List Documents & Guidance [9]Terms of Use

   [10](BUTTON) CNAs▾
   [11]CVE Numbering Authorities (CNAs) [12]Participating CNAs [13]CNA Documents,
   Policies & Guidance [14]CNA Rules, Version 3.0 [15]New CNA Onboarding [16]Slides
   & Videos [17]How to Become a CNA

   [18](BUTTON) WGs▾
   [19]CVE Working Groups [20]Automation (AWG) [21]CNA Coordination (CNACWG)
   [22]Outreach and Communications (OCWG) [23]CVE Quality (QWG) [24]Strategic
   Planning (SPWG) [25]Tactical (TWG)

   [26](BUTTON) Board▾
   [27]CVE Board [28]Members [29]Email Archives [30]Meeting Archives [31]Board
   Charter

   [32](BUTTON) About▾
   [33]About CVE [34]Professional Code of Conduct [35]CVE & NVD Relationship
   [36]History [37]Sponsor [38]Documentation & Guidance [39]FAQs [40]Terminology

   [41](BUTTON) News & Blog▾
   [42]Latest CVE News [43]Blog [44]Podcast [45]Calendar [46]Archive [47]Follow CVE
   [48]Free CVE Newsletter [49]CVEnew Twitter Feed Twitter [50]CVEannounce Twitter
   Feed Twitter [51]CVE on Medium Medium [52]CVE on LinkedIn LinkedIn [53]CVEProject
   on GitHub GitHub [54]CVE on YouTube YouTube


   [55]Search CVE List

   [56]Downloads

   [57]Data Feeds

   [58]Update a CVE Record

   [59]Request CVE IDs


   TOTAL CVE Records: [60]233151
   NOTICE: Transition to the all-new CVE website at [61]WWW.CVE.ORG and [62]CVE
   Record Format JSON are underway.
   NOTICE: Legacy CVE download formats [63]deprecation is now underway and will end
   on June 30, 2024.
   New CVE List download format is [64]available now.

   [65]Home > [66]CVE > CVE-2007-5034

   ¿

   CVE-ID

CVE-2007-5034

   [67]Learn more at National Vulnerability Database (NVD)
   o CVSS Severity Rating o Fix Information o Vulnerable Software Versions o SCAP
   Mappings o CPE Information
   Description
   ELinks before 0.11.3, when sending a POST request for an https URL, appends the
   body and content headers of the POST request to the CONNECT request in cleartext,
   which allows remote attackers to sniff sensitive data that would have been
   protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
   References
   Note: [68]References are provided for the convenience of the reader to help
   distinguish between vulnerabilities. The list is not intended to be complete.
     * BID:25799
     * [69]URL:http://www.securityfocus.com/bid/25799
     * BUGTRAQ:20071005 rPSA-2007-0209-1 elinks
     * [70]URL:http://www.securityfocus.com/archive/1/481606/100/0/threaded
     * [71]CONFIRM:http://bugzilla.elinks.cz/show_bug.cgi?id=937
     * [72]CONFIRM:https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018
     * [73]CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=297981
     * DEBIAN:DSA-1380
     * [74]URL:http://www.debian.org/security/2007/dsa-1380
     * FEDORA:FEDORA-2007-2224
     * [75]URL:https://www.redhat.com/archives/fedora-package-announce/2007-Septembe
       r/msg00335.html
     * FEDORA:FEDORA-2007-710
     * [76]URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/
       msg00079.html
     * OVAL:oval:org.mitre.oval:def:10335
     * [77]URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m
       itre.oval%3Adef%3A10335
     * REDHAT:RHSA-2007:0933
     * [78]URL:http://www.redhat.com/support/errata/RHSA-2007-0933.html
     * SECTRACK:1018764
     * [79]URL:http://www.securitytracker.com/id?1018764
     * SECUNIA:26936
     * [80]URL:http://secunia.com/advisories/26936
     * SECUNIA:26949
     * [81]URL:http://secunia.com/advisories/26949
     * SECUNIA:26956
     * [82]URL:http://secunia.com/advisories/26956
     * SECUNIA:27038
     * [83]URL:http://secunia.com/advisories/27038
     * SECUNIA:27062
     * [84]URL:http://secunia.com/advisories/27062
     * SECUNIA:27125
     * [85]URL:http://secunia.com/advisories/27125
     * SECUNIA:27132
     * [86]URL:http://secunia.com/advisories/27132
     * UBUNTU:USN-519-1
     * [87]URL:http://www.ubuntu.com/usn/usn-519-1
     * VUPEN:ADV-2007-3278
     * URL:[DEL: http://www.vupen.com/english/advisories/2007/3278 :DEL] (Obsolete
       source)

   Assigning CNA
   Canonical Ltd.
   Date Record Created
   20070921 Disclaimer: The [88]record creation date may reflect when the CVE ID was
   allocated or reserved, and does not necessarily indicate when this vulnerability
   was discovered, shared with the affected vendor, publicly disclosed, or updated
   in CVE.
   Phase (Legacy)
   Assigned (20070921)
   Votes (Legacy)
   Comments (Legacy)

   Proposed (Legacy)
   N/A
   This is an record on the [89]CVE List, which provides common identifiers for
   publicly known cybersecurity vulnerabilities.
   Search CVE Using Keywords:   ____________________ Submit
   You can also search by reference using the [90]CVE Reference Maps.
   For More Information:  [91]CVE Request Web Form (select "Other" from dropdown)
   [92]Back to top

   [93]Site Map | [94]Terms of Use | [95]Privacy Policy | [96]Contact Us | Follow
   CVE  [97]Twitter [98]LinkedIn [99]GitHub [100]YouTube [101]Medium
   [102]Search CVE Website

   Use of the CVE® List and the associated references from this website are subject
   to the [103]terms of use. CVE is sponsored by the [104]U.S. Department of
   Homeland Security (DHS) [105]Cybersecurity and Infrastructure Security Agency
   (CISA). Copyright © 1999-2024, [106]The MITRE Corporation. CVE and the CVE logo
   are registered trademarks of The MITRE Corporation.

References

   Visible links:
   1. https://cve.mitre.org/index.html
   2. https://www.cve.org/
   3. https://cve.mitre.org/cve/search_cve_list.html
   4. https://cve.mitre.org/find/search_tips.html
   5. https://cveform.mitre.org/
   6. https://www.cve.org/ResourcesSupport/FAQs#pc_cve_request_web_form
   7. https://www.cve.org/ResourcesSupport/FAQs#pc_cve_request_web_formweb_form_encrypt_requests
   8. https://www.cve.org/ResourcesSupport/Resources
   9. https://www.cve.org/Legal/TermsOfUse
  10. https://www.cve.org/ProgramOrganization/CNAs
  11. https://www.cve.org/ProgramOrganization/CNAs
  12. https://www.cve.org/PartnerInformation/ListofPartners
  13. https://www.cve.org/ResourcesSupport/Resources#CVENumberingAuthorities
  14. https://www.cve.org/ResourcesSupport/AllResources/CNARules
  15. https://www.cve.org/PartnerInformation/Partner#CNA
  16. https://www.cve.org/ResourcesSupport/Resources#cnaOnboarding
  17. https://www.cve.org/PartnerInformation/Partner#HowToBecomeAPartner
  18. https://www.cve.org/ProgramOrganization/WorkingGroups
  19. https://www.cve.org/ProgramOrganization/WorkingGroups
  20. https://www.cve.org/ProgramOrganization/WorkingGroups#AutomationWorkingGroupAWG
  21. https://www.cve.org/ProgramOrganization/WorkingGroups#CNACoordinationWorkingGroupCNACWG
  22. https://www.cve.org/ProgramOrganization/WorkingGroups#OutreachandCommunicationsWorkingGroupOCWG
  23. https://www.cve.org/ProgramOrganization/WorkingGroups#QualityWorkingGroupQWG
  24. https://www.cve.org/ProgramOrganization/WorkingGroups#StrategicPlanningWorkingGroupSPWG
  25. https://www.cve.org/ProgramOrganization/WorkingGroups#TacticalWorkingGroup
  26. https://www.cve.org/ProgramOrganization/Board
  27. https://www.cve.org/ProgramOrganization/Board
  28. https://www.cve.org/ProgramOrganization/Board#Members
  29. https://cve.mitre.org/community/board/archive.html#board_mail_list_archive
  30. https://cve.mitre.org/community/board/archive.html#meeting_summaries
  31. https://www.cve.org/ProgramOrganization/Board#Resources
  32. https://www.cve.org/About/Overview
  33. https://www.cve.org/About/Overview
  34. https://www.cve.org/ResourcesSupport/AllResources/ProfessionalCodeOfConduct
  35. https://www.cve.org/ResourcesSupport/FAQs#pc_introcve_nvd_relationship
  36. https://www.cve.org/About/History
  37. https://www.cve.org/ResourcesSupport/FAQs#pc_introwho_owns_cve
  38. https://www.cve.org/ResourcesSupport/Resources
  39. https://www.cve.org/ResourcesSupport/FAQs
  40. https://www.cve.org/ResourcesSupport/Glossary
  41. https://www.cve.org/Media/News/AllNews
  42. https://www.cve.org/Media/News/AllNews
  43. https://www.cve.org/Media/News/Blogs
  44. https://www.cve.org/Media/News/Podcasts
  45. https://www.cve.org/Media/Events
  46. https://cve.mitre.org/news/archives/index.html
  47. https://cve.mitre.org/cve/data_feeds.html
  48. https://www.cve.org/Media/News/NewsletterSignup
  49. https://twitter.com/CVEnew/
  50. https://twitter.com/CVEannounce/
  51. https://medium.com/@CVE_Program
  52. https://www.linkedin.com/company/cve-program
  53. https://github.com/CVEProject
  54. https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/
  55. https://cve.mitre.org/cve/search_cve_list.html
  56. https://www.cve.org/Downloads
  57. https://www.cve.org/ResourcesSupport/FAQs#pc_cve_list_basicscve_list_data_feeds
  58. https://www.cve.org/ReportRequest/ReportRequestForNonCNAs#UpdateCVERecord
  59. https://www.cve.org/ReportRequest/ReportRequestForNonCNAs#RequestCVEID
  60. https://www.cve.org/
  61. https://www.cve.org/
  62. https://www.cve.org/Media/News/item/blog/2022/10/06/CVE-Records-Are-Now-Displayed
  63. https://medium.com/@cve_program/phase-3-of-legacy-cve-download-formats-deprecation-now-underway-15c27faa4456
  64. https://www.cve.org/Media/News/item/blog/2023/03/29/CVE-Downloads-in-JSON-5-Format
  65. https://cve.mitre.org/
  66. https://cve.mitre.org/cve/
  67. https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5034
  68. https://cve.mitre.org/data/refs/index.html
  69. http://www.securityfocus.com/bid/25799
  70. http://www.securityfocus.com/archive/1/481606/100/0/threaded
  71. http://bugzilla.elinks.cz/show_bug.cgi?id=937
  72. https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018
  73. https://bugzilla.redhat.com/show_bug.cgi?id=297981
  74. http://www.debian.org/security/2007/dsa-1380
  75. https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html
  76. https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html
  77. https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335
  78. http://www.redhat.com/support/errata/RHSA-2007-0933.html
  79. http://www.securitytracker.com/id?1018764
  80. http://secunia.com/advisories/26936
  81. http://secunia.com/advisories/26949
  82. http://secunia.com/advisories/26956
  83. http://secunia.com/advisories/27038
  84. http://secunia.com/advisories/27062
  85. http://secunia.com/advisories/27125
  86. http://secunia.com/advisories/27132
  87. http://www.ubuntu.com/usn/usn-519-1
  88. https://cve.mitre.org/about/faqs.html#date_record_created_in_cve_record
  89. https://cve.mitre.org/cve/
  90. https://cve.mitre.org/data/refs/index.html
  91. https://cveform.mitre.org/
  92. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034#top
  93. https://cve.mitre.org/sitemap.html
  94. https://www.cve.org/Legal/TermsOfUse
  95. https://www.cve.org/Legal/PrivacyPolicy
  96. https://cveform.mitre.org/
  97. https://twitter.com/CVEnew/
  98. https://www.linkedin.com/company/cve-program
  99. https://github.com/CVEProject
 100. https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/
 101. https://medium.com/@cve_program
 102. https://cve.mitre.org/find/index.html
 103. https://cve.mitre.org/about/termsofuse.html
 104. https://www.dhs.gov/
 105. https://www.dhs.gov/cisa/cybersecurity-division/
 106. https://www.mitre.org/

   Hidden links:
 108. https://cve.mitre.org/index.html