Red Hat Security Advisory 2018-3052-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include cookie injection.
f5975ea258c2fe6852d1deedd5e06ccabe1785b100792ed5ddc73c11e571d15aGentoo Linux Security Advisory 201806-1 - A vulnerability in GNU Wget could allow arbitrary cookies to be injected. Versions less than 1.19.5 are affected.
f98051cfe0e234d3b7f35e0d75a1b8a3b1b70161f829b8570cd7176b4985ee28Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
ba3566c850ccf6c48ef0a37ff6c74078360e399ea9e44e131be4d6357ee2d852Ubuntu Security Notice 3643-2 - USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.
2baa914e2be3c4ec3d77cc267df8d63b6e6846eb6c6eef59e5a355c709834908Ubuntu Security Notice 3643-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.
ecfcf061117b86f26fc3ca56b8d318d370404b541e43650c789354a123064194Debian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.
a130e31b5d2e0a9bceae5d50afd56c7094c26cc99c1a05fbf1b6baf0f5a455caGNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.
b72d6af0b5fe5fde5c7651980f119d80e8e2748eee305bde3f06e6b5d7c00dd2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed