Vulnerability Details CVE-2017-6508
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
- http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
- http://www.securityfocus.com/bid/96877
- https://security.gentoo.org/glsa/201706-16
- http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
- http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
- http://www.securityfocus.com/bid/96877
- https://security.gentoo.org/glsa/201706-16
Products affected by CVE-2017-6508
-
cpe:2.3:a:gnu:wget:-
-
cpe:2.3:a:gnu:wget:1.10
-
cpe:2.3:a:gnu:wget:1.10.1
-
cpe:2.3:a:gnu:wget:1.10.2
-
cpe:2.3:a:gnu:wget:1.11
-
cpe:2.3:a:gnu:wget:1.11.1
-
cpe:2.3:a:gnu:wget:1.11.2
-
cpe:2.3:a:gnu:wget:1.11.3
-
cpe:2.3:a:gnu:wget:1.11.4
-
cpe:2.3:a:gnu:wget:1.11.4-1
-
cpe:2.3:a:gnu:wget:1.12
-
cpe:2.3:a:gnu:wget:1.13
-
cpe:2.3:a:gnu:wget:1.13.1
-
cpe:2.3:a:gnu:wget:1.13.3
-
cpe:2.3:a:gnu:wget:1.13.4
-
cpe:2.3:a:gnu:wget:1.14
-
cpe:2.3:a:gnu:wget:1.15
-
cpe:2.3:a:gnu:wget:1.16
-
cpe:2.3:a:gnu:wget:1.16.1
-
cpe:2.3:a:gnu:wget:1.16.2
-
cpe:2.3:a:gnu:wget:1.16.3
-
cpe:2.3:a:gnu:wget:1.17
-
cpe:2.3:a:gnu:wget:1.17.1
-
cpe:2.3:a:gnu:wget:1.18
-
cpe:2.3:a:gnu:wget:1.19
-
cpe:2.3:a:gnu:wget:1.19.1
-
cpe:2.3:a:gnu:wget:1.4.0
-
cpe:2.3:a:gnu:wget:1.4.1
-
cpe:2.3:a:gnu:wget:1.4.2
-
cpe:2.3:a:gnu:wget:1.4.3
-
cpe:2.3:a:gnu:wget:1.5.0
-
cpe:2.3:a:gnu:wget:1.5.3
-
cpe:2.3:a:gnu:wget:1.6
-
cpe:2.3:a:gnu:wget:1.7
-
cpe:2.3:a:gnu:wget:1.7.1
-
cpe:2.3:a:gnu:wget:1.8
-
cpe:2.3:a:gnu:wget:1.8.1
-
cpe:2.3:a:gnu:wget:1.8.2
-
cpe:2.3:a:gnu:wget:1.9
-
cpe:2.3:a:gnu:wget:1.9.1