Veracode Vulnerability DatabaseVERACODE:13073

HistoryJan 15, 2019 - 9:25 a.m.

HTTP Cookie Injection

2019-01-1509:25:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.078

Percentile

94.3%

JSON

wget is vulnerable to HTTP cookie injection attacks. The vulnerability exists as GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

References

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

access.redhat.com/errata/RHSA-2018:3052

access.redhat.com/security/updates/classification/#moderate

gentoo

GNU Wget: Cookie injection

2018-06-13 00:00:00

nessus

RHEL 7 : wget (RHSA-2018:3052)

2018-10-31 00:00:00

EulerOS Virtualization 2.5.1 : wget (EulerOS-SA-2018-1342)

2018-10-26 00:00:00

Debian DSA-4195-1 : wget - security update

2018-05-09 00:00:00

osv

wget - security update

2018-05-11 00:00:00

CVE-2018-0494

2018-05-06 22:29:00

wget - security update

2018-05-08 00:00:00

debian

[SECURITY] [DLA 1375-1] wget security update

2018-05-11 07:29:45

[SECURITY] [DSA 4195-1] wget security update

2018-05-08 10:29:00

[SECURITY] [DSA 4195-1] wget security update

2018-05-08 10:29:00

amazon

Medium: wget

2018-12-06 20:27:00

Medium: wget

2018-06-08 18:35:00

openvas

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1085)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1165)

2020-01-23 00:00:00

SUSE: Security Advisory (SUSE-SU-2018:1367-1)

2021-06-09 00:00:00

debiancve

CVE-2018-0494

2018-05-06 22:29:00

redhat

(RHSA-2018:3052) Moderate: wget security and bug fix update

2018-10-30 04:13:12

cve

CVE-2018-0494

2018-05-06 22:29:00

packetstorm

GNU Wget 1.19.4 Cookie Injection

2018-05-07 00:00:00

checkpoint_advisories

GNU Wget Cookie Injection Policy Bypass (CVE-2018-0494)

2018-05-14 00:00:00

fedora

[SECURITY] Fedora 28 Update: wget-1.19.5-1.fc28

2018-05-11 21:15:59

[SECURITY] Fedora 28 Update: wget-1.20.1-1.fc28

2019-01-11 03:00:35

[SECURITY] Fedora 28 Update: wget-1.20.3-1.fc28

2019-04-09 01:14:38

suse

Security update for wget (moderate)

2018-05-23 15:09:25

prion

Design/Logic Flaw

2018-05-06 22:29:00

zdt

GNU wget - Cookie Injection Vulnerability

2018-05-09 00:00:00

nvd

CVE-2018-0494

2018-05-06 22:29:00

alpinelinux

CVE-2018-0494

2018-05-06 22:29:00

exploitpack

GNU wget - Cookie Injection

2018-05-06 00:00:00

freebsd

wget -- cookie injection vulnerability

2018-04-26 00:00:00

cvelist

CVE-2018-0494

2018-05-06 22:00:00

ubuntu

Wget vulnerability

2018-05-09 00:00:00

Wget vulnerability

2018-05-09 00:00:00

centos

wget security update

2018-11-15 18:53:41

cloudfoundry

USN-3643-1: Wget vulnerability | Cloud Foundry

2018-06-05 00:00:00

slackware

[slackware-security] wget

2018-05-10 01:30:09

ibm

Security Bulletin: A vulnerability in wget affects PowerKVM

2018-12-17 14:25:02

Security Bulletin: A vulnerability with GNU Wget affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2018-0494)

2023-01-12 21:59:00

Security Bulletin: Multiple vulnerabilities in Ubuntu affect IBM API Connect Developer Portal

2018-06-23 02:50:14

exploitdb

GNU wget - Cookie Injection

2018-05-06 00:00:00

ubuntucve

CVE-2018-0494

2018-05-06 00:00:00

redhatcve

CVE-2018-0494

2018-05-07 13:49:19

mageia

Updated wget packages fix security vulnerabilities

2018-05-16 11:24:56

oraclelinux

wget security and bug fix update

2018-11-05 00:00:00

photon

Critical Photon OS Security Update - PHSA-2019-0237

2019-06-12 00:00:00

HTTP Cookie Injection

References

Related