Lynx < 2.8.6 dev15 Arbitary Code Execution

High Log Correlation Engine Plugin ID 800978


The remote host is vulnerable to an arbitrary 'command insertion' flaw.


The remote host is using Lynx as a web browser. This version of Lynx is vulnerable to a flaw where an attacker, convincing a Lynx user to browse a malicious URI, can execute arbitrary code on the remote system.


Upgrade to version 2.8.6 dev15 or higher.

See Also

Plugin Details

Severity: High

ID: 800978

File Name: 800978.prm

Family: Web Clients

Risk Information

Risk Factor: High


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Reference Information

CVE: CVE-2005-2929

BID: 15395