what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2018-0494

Status Candidate

Overview

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a sequence in a continuation line.

Related Files

Red Hat Security Advisory 2018-3052-01
Posted Oct 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3052-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include cookie injection.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2018-0494
SHA-256 | f5975ea258c2fe6852d1deedd5e06ccabe1785b100792ed5ddc73c11e571d15a
Gentoo Linux Security Advisory 201806-01
Posted Jun 13, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-1 - A vulnerability in GNU Wget could allow arbitrary cookies to be injected. Versions less than 1.19.5 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2018-0494
SHA-256 | f98051cfe0e234d3b7f35e0d75a1b8a3b1b70161f829b8570cd7176b4985ee28
Slackware Security Advisory - wget Updates
Posted May 10, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-0494
SHA-256 | ba3566c850ccf6c48ef0a37ff6c74078360e399ea9e44e131be4d6357ee2d852
Ubuntu Security Notice USN-3643-2
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-2 - USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
SHA-256 | 2baa914e2be3c4ec3d77cc267df8d63b6e6846eb6c6eef59e5a355c709834908
Ubuntu Security Notice USN-3643-1
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
SHA-256 | ecfcf061117b86f26fc3ca56b8d318d370404b541e43650c789354a123064194
Debian Security Advisory 4195-1
Posted May 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-0494
SHA-256 | a130e31b5d2e0a9bceae5d50afd56c7094c26cc99c1a05fbf1b6baf0f5a455ca
GNU Wget 1.19.4 Cookie Injection
Posted May 7, 2018
Authored by Harry Sintonen

GNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.

tags | exploit
advisories | CVE-2018-0494
SHA-256 | b72d6af0b5fe5fde5c7651980f119d80e8e2748eee305bde3f06e6b5d7c00dd2
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close