CVE-2017-6508

Summary

CVE	CVE-2017-6508
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-03-07 08:59:00 UTC
Updated	2017-07-01 01:30:00 UTC
Description	CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

Risk And Classification

Problem Types: CWE-93

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Wget	All	All	All	All

References

Reference	Source	Link	Tags
GNU Wget CVE-2017-6508 CRLF Injection Vulnerability	BID	www.securityfocus.com
wget.git - GNU Wget	CONFIRM	git.savannah.gnu.org	Patch
GNU Wget: Header injection (GLSA 201706-16) — Gentoo security	GENTOO	security.gentoo.org
[Bug-wget] Vulnerability Report - CRLF Injection in Wget Host Part	MISC	lists.gnu.org	Exploit, Mailing List
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

500734 Alpine Linux Security Update for wget
504510 Alpine Linux Security Update for wget
671086 EulerOS Security Update for wget (EulerOS-SA-2019-2198)
710474 Gentoo Linux GNU Wget Header injection Vulnerability (GLSA 201706-16)