CVE-2017-6508

Published: 07 March 2017

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

Priority

Low

CVSS 3 base score: 6.1

Status

Package: wget (Launchpad, Ubuntu, Debian)

Release                          Status
Upstream                         Needed
Ubuntu 16.04 ESM (Xenial Xerus)  Released (1.17.1-1ubuntu1.3)
Ubuntu 14.04 ESM (Trusty Tahr)   Released (1.15-1ubuntu1.14.04.3)

Patches:
Upstream: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4