CVE-2017-6508

6.1MEDIUM

Key Information:

Vendor: Gnu
Status: Wget
Vendor: CVE Published:; 7 March 2017

Summary

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

References

http://lists.gnu.org/archive/html/bug-wget/2017-03/msg000...

x_refsource_MISC

https://security.gentoo.org/glsa/201706-16

vendor-advisoryx_refsource_GENTOO

http://www.securityfocus.com/bid/96877

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 7, 2017
Vulnerability Reserved
Mar 7, 2017