All vulnerabilities

CVE-2017-6508

Description

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Score
6.1
Severity
Medium
Ecosystem
RPM
Publish Date
March 7, 2017
Modified Date
April 16, 2026
Score Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Versions