Severity
6.1 MEDIUM
EPSS
0.2%
top 59.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 7
Latest update: May 17

Description

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

Debian: wget < 1.19.1-2+3
NVD: gnu/wget 1.19.1

Patches

🔴 Vulnerability Details

4
GHSA
GHSA-vmw7-mxgc-c8qm: CRLF injection vulnerability in the url_parse function in url (2022-05-17)
OSV
wget vulnerabilities (2017-10-26)
CVEList
CVE-2017-6508: CRLF injection vulnerability in the url_parse function in url (2017-03-07)
OSV
CVE-2017-6508: CRLF injection vulnerability in the url_parse function in url (2017-03-07)

💥 Exploits & PoCs

1
Exploit-DB
Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting (2017-08-14)

📋 Vendor Advisories

5
Red Hat
puppet: Unparameterized input in multiple modules can allow a remote user to execute arbitrary code (2018-02-05)
Ubuntu
Wget vulnerabilities (2017-10-30)
Ubuntu
Wget vulnerabilities (2017-10-26)
Red Hat
wget: CRLF injection in the url_parse function in url.c (2017-03-07)
Debian
CVE-2017-6508: wget - CRLF injection vulnerability in the url_parse function in url.c in Wget through ... (2017)

💬 Community

2
Bugzilla
CVE-2017-6508 wget: CRLF injection in the url_parse function in url.c [fedora-all] (2017-03-07)
Bugzilla
CVE-2017-6508 wget: CRLF injection in the url_parse function in url.c (2017-03-07)