
CVE-2017-6508

Published: 07 Mar 2017
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

A CRLF injection flaw was found in the way wget handled URLs. A remote attacker could use this flaw to inject arbitrary HTTP headers in requests, via CRLF sequences in the host sub-component of a URL, by tricking a user running wget into processing crafted URLs.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | wget | Will not fix | | |
| Red Hat Enterprise Linux 6 | wget | Will not fix | | |
| Red Hat Enterprise Linux 7 | wget | Will not fix | | |


Additional information

Status: Low
Defect: CWE-77
https://bugzilla.redhat.com/show_bug.cgi?id=1429984 wget: CRLF injection in the url_parse function in url.c

EPSS: 0.00186 (Low), percentile: 40%

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 6.1
ubuntu
almost 9 years ago

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

CVSS3: 6.1
nvd
almost 9 years ago

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

CVSS3: 6.1
debian
almost 9 years ago

CRLF injection vulnerability in the url_parse function in url.c in Wge ...

suse-cvrf
almost 9 years ago

Security update for wget

suse-cvrf
almost 9 years ago

Security update for wget
