RHEL 2.1 : lynx (RHSA-2003:030)
Medium Nessus Plugin ID 12357
SynopsisThe remote Red Hat host is missing a security update.
DescriptionUpdated Lynx packages fix an error in the way Lynx parses its command line arguments which can lead to faked headers being sent to a Web server.
Lynx is a character-cell Web browser, suitable for running on terminals such as the VT100.
Lynx constructs its HTTP queries from the command line (or WWW_HOME environment variable) without regard to special characters such as carriage returns or linefeeds. When given a URL containing such special characters, extra headers could be inserted into the request.
This could cause scripts using Lynx to fetch data from the wrong site from servers with virtual hosting.
Users of Lynx are advised to upgrade to these erratum packages which contain a patch to correct this isssue.
SolutionUpdate the affected lynx package.