Exploit
CVE-2017-6508

Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)

Published: Mar 7, 2017 / Updated: 89mo ago

CVSS: not yet scored. EPSS: 0.29%

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
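The description above is the whole advisory: a percent-encoded CR/LF in the host part of a URL survives parsing, so whatever later writes the host into the request can end up emitting attacker-chosen header lines. The model below is an added illustration, not wget's url.c: it mirrors the pattern the advisory describes (the parser percent-decodes the host subcomponent, the request builder copies it verbatim into the "Host:" line) beside a hardened variant that refuses a host containing control bytes. The function names and the sample URLs are constructed for this example; the injected colon is encoded as %3a so that the port split does not truncate the host before decoding.

```python
"""Model of the CRLF-injection class described for CVE-2017-6508.

Added illustration, not wget's own code. The vulnerable builder percent-decodes
the host and writes it straight into the Host: line; the fixed builder rejects
any host that decodes to CR, LF or another control byte. The sample URLs are
constructed here and are assumptions, not inputs from the advisory.
"""
import re
from urllib.parse import unquote

_URL_RE = re.compile(
    r"^(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<authority>[^/?#]*)(?P<path>[^?#]*)", re.I
)


def split_url(url):
    """Return (host, path); the host is returned still percent-encoded.

    Userinfo and port are stripped so only the host subcomponent remains.
    """
    m = _URL_RE.match(url)
    if not m:
        raise ValueError("not an absolute URL: %r" % url)
    authority = m.group("authority")
    if "@" in authority:                       # drop userinfo
        authority = authority.rsplit("@", 1)[1]
    if authority.startswith("["):              # IPv6 literal: keep brackets, drop port
        host = authority.split("]", 1)[0] + "]"
    else:
        host = authority.split(":", 1)[0]      # drop port
    path = m.group("path") or "/"
    return host, path


def build_request_vulnerable(url):
    """Vulnerable pattern: decode %XX in the host, then write it unchecked into Host:."""
    raw_host, path = split_url(url)
    host = unquote(raw_host)                   # "%0d%0a" becomes a real CRLF here
    return ("GET %s HTTP/1.1\r\n" % path
            + "Host: %s\r\n" % host
            + "User-Agent: example/0.1\r\n\r\n")


def build_request_fixed(url):
    """Hardened pattern: refuse a host that decodes to any control byte."""
    raw_host, path = split_url(url)
    host = unquote(raw_host)
    if re.search(r"[\x00-\x1f\x7f]", host):
        raise ValueError("control character in host subcomponent: %r" % raw_host)
    return ("GET %s HTTP/1.1\r\n" % path
            + "Host: %s\r\n" % host
            + "User-Agent: example/0.1\r\n\r\n")


def header_names(request):
    """Header field names as a server parsing the request would see them."""
    head = request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]             # drop the request line
    return [line.split(":", 1)[0] for line in lines if ":" in line]


# Constructed sample inputs (assumptions for this example).
BENIGN_URL = "http://example.com/index.html"
CRLF_URL = "http://example.com%0d%0aX-Injected%3a%20yes/index.html"

if __name__ == "__main__":
    print(header_names(build_request_vulnerable(CRLF_URL)))
    try:
        build_request_fixed(CRLF_URL)
    except ValueError as err:
        print("rejected:", err)
```

Running the block shows the vulnerable builder producing a request with an extra `X-Injected` header that the URL author controls, while the hardened builder rejects the same URL and returns byte-identical output for the benign one. The check is deliberately placed on the decoded host, not the raw URL text, because the raw form contains no CR/LF yet.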

Timeline

First Article

First article mentioning CVE-2017-6508 (found by Feedly):

Mar 7, 2017 at 11:26 AM / web.nvd.nist.gov
EPSS

EPSS Score was set to: 0.29% (Percentile: 65.5%)

Oct 20, 2023 at 8:44 PM

Affected Systems

Gnu/wget

Exploits

http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html

Patches

git.savannah.gnu.org

Attack Patterns

CAPEC-15: Command Delimiters

News

RHEL 6 : wget (Unpatched Vulnerability)
Nessus Plugin ID 198435 with High Severity

Synopsis: The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.

Description: The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- wget: Lack of filename checking allows arbitrary file upload via FTP redirect (CVE-2016-4971)
- wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494)
- CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. (CVE-2017-6508)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

Solution: The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation guidance.

Read more at https://www.tenable.com/plugins/nessus/198435
redhat_unpatched wget: wget: Unpatched vulnerabilities
Development Last Updated: 6/3/2024 CVEs: CVE-2014-4877 , CVE-2018-0494 , CVE-2010-2252 , CVE-2016-4971 , CVE-2017-6508
RHEL 7 : wget (Unpatched Vulnerability)
Nessus Plugin ID 195402 with High Severity

Synopsis: The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.

Description: The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
- wget: authorization header disclosure on redirect (CVE-2021-31879)
- CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. (CVE-2017-6508)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

Solution: The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation guidance.

Read more at https://www.tenable.com/plugins/nessus/195402
redhat_unpatched wget: wget: Unpatched vulnerabilities
Development Last Updated: 5/11/2024 CVEs: CVE-2016-4971 , CVE-2017-6508 , CVE-2018-20483 , CVE-2021-31879 , CVE-2018-0494

CVSS v3.1: not assigned
