Your submission was sent successfully! Close

CVE-2017-6508

Published: 7 March 2017

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

Priority

Low

CVSS 3 base score: 6.1

Status

Package Release Status
wget
Launchpad, Ubuntu, Debian
artful
Released (1.19.1-3ubuntu1.1)
precise
Released (1.13.4-2ubuntu1.5)
trusty
Released (1.15-1ubuntu1.14.04.3)
upstream Needed

xenial
Released (1.17.1-1ubuntu1.3)
yakkety Ignored
(reached end-of-life)
zesty
Released (1.18-2ubuntu1.1)