Vulnerability CVE-2018-0494


Published: 2018-05-06

Description:
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

See advisories in our WLB2 database:
Topic
Author
Date
Low
GNU Wget 1.19.4 Cookie Injection
Harry Sintonen
08.05.2018

Type:

CWE-20

(Improper Input Validation)

Vendor: Debian
Product: Debian linux 
Version:
9.0
8.0
7.0
Vendor: Redhat
Product: Enterprise linux server 
Version: 7.0;
Product: Enterprise linux desktop 
Version: 7.0;
Product: Enterprise linux workstation 
Version: 7.0;
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.04
17.10
16.04
14.04
12.04
Vendor: GNU
Product: WGET 
Version:
1.5.0
1.4.3
1.4.2
1.4.1
1.4.0
1.19

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.securityfocus.com/bid/104129
http://www.securitytracker.com/id/1040838
https://access.redhat.com/errata/RHSA-2018:3052
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
https://lists.debian.org/debian-lts-announce/2018/05/msg00006.html
https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
https://savannah.gnu.org/bugs/?53763
https://security.gentoo.org/glsa/201806-01
https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
https://usn.ubuntu.com/3643-1/
https://usn.ubuntu.com/3643-2/
https://www.debian.org/security/2018/dsa-4195
https://www.exploit-db.com/exploits/44601/

Related CVE
CVE-2012-6711
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to p...
CVE-2018-12886
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack ...
CVE-2019-5953
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
CVE-2019-11640
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
CVE-2019-11639
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
CVE-2019-11638
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.
CVE-2019-11637
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.
CVE-2006-7254
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

Copyright 2019, cxsecurity.com

 

Back to Top