CVE-2005-2929

2005-11-1811:00:00

CWE-264

mitre

web.nvd.nist.gov

lynx

remote code execution

cve-2005-2929

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.018

Percentile

88.2%

JSON

Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.

Affected configurations

Nvd

Node

university_of_kansaslynxMatch2.8.5

university_of_kansaslynxMatch2.8.6

university_of_kansaslynxMatch2.8.6_dev13

VendorProductVersionCPE
university_of_kansaslynx2.8.5cpe:2.3:a:university_of_kansas:lynx:2.8.5:*:*:*:*:*:*:*
university_of_kansaslynx2.8.6cpe:2.3:a:university_of_kansas:lynx:2.8.6:*:*:*:*:*:*:*
university_of_kansaslynx2.8.6_dev13cpe:2.3:a:university_of_kansas:lynx:2.8.6_dev13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
university_of_kansas	lynx	2.8.5	cpe:2.3:a:university_of_kansas:lynx:2.8.5:::::::*
university_of_kansas	lynx	2.8.6	cpe:2.3:a:university_of_kansas:lynx:2.8.6:::::::*
university_of_kansas	lynx	2.8.6_dev13	cpe:2.3:a:university_of_kansas:lynx:2.8.6_dev13:::::::*