CVE-2017-6508

Published: 07 March 2017

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

Priority

CVSS 3 base score: 6.1

Status

Package	Release	Status
wget Launchpad, Ubuntu, Debian	Upstream	Needed





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (1.17.1-1ubuntu1.3)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.15-1ubuntu1.14.04.3)
	Patches: Upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6508
http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
https://ubuntu.com/security/notices/USN-3464-1
https://ubuntu.com/security/notices/USN-3464-2
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857073

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›