Описание
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | wget | Will not fix | ||
| Red Hat Enterprise Linux 6 | wget | Will not fix | ||
| Red Hat Enterprise Linux 8 | wget | Not affected | ||
| Red Hat Enterprise Linux 7 | wget | Fixed | RHSA-2018:3052 | 30.10.2018 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1575634wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar
EPSS
Процентиль: 99%
0.76826
Высокий
7.1 High
CVSS3
Связанные уязвимости
CVSS3: 6.5
ubuntu
больше 7 лет назад
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
CVSS3: 6.5
nvd
больше 7 лет назад
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
CVSS3: 6.5
debian
больше 7 лет назад
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in ...
EPSS
Процентиль: 99%
0.76826
Высокий
7.1 High
CVSS3