CVE-2017-6508

Priority
Low
Description
CRLF injection vulnerability in the url_parse function in url.c in Wget
through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via
CRLF sequences in the host subcomponent of a URL.
References
Bugs
Package
Source: wget (LP Ubuntu Debian)
Upstream:needed
Ubuntu 17.10 (Artful Aardvark):released (1.19.1-3ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.19.1-3ubuntu1.1)
Ubuntu 12.04 ESM (Precise Pangolin):released (1.13.4-2ubuntu1.5)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.15-1ubuntu1.14.04.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.17.1-1ubuntu1.3)
Ubuntu 17.04 (Zesty Zapus):released (1.18-2ubuntu1.1)
Patches:
Upstream:http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
More Information

Updated: 2017-10-30 14:14:24 UTC (commit 13604)