CRLF Injection Vulnerability in Wget by GNU
CVE-2017-6508

6.1MEDIUM

Key Information:

Vendor
Gnu
Status
Wget
Vendor
CVE Published:
7 March 2017

Summary

A CRLF injection vulnerability exists in the url_parse function of Wget, affecting versions up to 1.19.1. This flaw allows remote attackers to manipulate HTTP headers by injecting arbitrary header information via CRLF sequences in the host subcomponent of a URL. This can lead to various security issues, including session hijacking and cross-site scripting, posing significant threats to user data and server integrity.

References

http://lists.gnu.org/archive/html/bug-wget/2017-03/msg000...
x_refsource_MISC
https://security.gentoo.org/glsa/201706-16
vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/96877
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.