exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2018-0494

Status Candidate

Overview

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

Related Files

Red Hat Security Advisory 2018-3052-01
Posted Oct 30, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3052-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Issues addressed include cookie injection.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2018-0494
SHA-256 | f5975ea258c2fe6852d1deedd5e06ccabe1785b100792ed5ddc73c11e571d15a
Gentoo Linux Security Advisory 201806-01
Posted Jun 13, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-1 - A vulnerability in GNU Wget could allow arbitrary cookies to be injected. Versions less than 1.19.5 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2018-0494
SHA-256 | f98051cfe0e234d3b7f35e0d75a1b8a3b1b70161f829b8570cd7176b4985ee28
Slackware Security Advisory - wget Updates
Posted May 10, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-0494
SHA-256 | ba3566c850ccf6c48ef0a37ff6c74078360e399ea9e44e131be4d6357ee2d852
Ubuntu Security Notice USN-3643-2
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-2 - USN-3643-1 fixed a vulnerability in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
SHA-256 | 2baa914e2be3c4ec3d77cc267df8d63b6e6846eb6c6eef59e5a355c709834908
Ubuntu Security Notice USN-3643-1
Posted May 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3643-1 - It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-0494
SHA-256 | ecfcf061117b86f26fc3ca56b8d318d370404b541e43650c789354a123064194
Debian Security Advisory 4195-1
Posted May 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4195-1 - Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-0494
SHA-256 | a130e31b5d2e0a9bceae5d50afd56c7094c26cc99c1a05fbf1b6baf0f5a455ca
GNU Wget 1.19.4 Cookie Injection
Posted May 7, 2018
Authored by Harry Sintonen

GNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.

tags | exploit
advisories | CVE-2018-0494
SHA-256 | b72d6af0b5fe5fde5c7651980f119d80e8e2748eee305bde3f06e6b5d7c00dd2
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close