CVE-2017-6508 (retired)

Priority
Description
CRLF injection vulnerability in the url_parse function in url.c in Wget
through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via
CRLF sequences in the host subcomponent of a URL.
Package
Source: wget (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):released (1.13.4-2ubuntu1.5)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.15-1ubuntu1.14.04.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.17.1-1ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.19.1-3ubuntu1.1)
Patches:
Upstream:http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
More Information

Updated: 2019-03-26 12:26:15 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)