rpm package
suse/wget-openssl1&distro=SUSE Linux Enterprise Server 11-SECURITY
pkg:rpm/suse/wget-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-0494 | Med | 6.5 | < 1.11.4-1.41.3.1 | 1.11.4-1.41.3.1 | May 6, 2018 | GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. | |
| CVE-2017-6508 | Med | 6.1 | < 1.11.4-1.40.1 | 1.11.4-1.40.1 | Mar 7, 2017 | CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | |
| CVE-2016-7098 | Hig | 8.1 | < 1.11.4-1.32.1 | 1.11.4-1.32.1 | Sep 26, 2016 | Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. | |
| CVE-2016-4971 | Hig | 8.8 | < 1.11.4-1.32.1 | 1.11.4-1.32.1 | Jun 30, 2016 | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. |
- affected < 1.11.4-1.41.3.1fixed 1.11.4-1.41.3.1
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
- affected < 1.11.4-1.40.1fixed 1.11.4-1.40.1
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.
- affected < 1.11.4-1.32.1fixed 1.11.4-1.32.1
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
- affected < 1.11.4-1.32.1fixed 1.11.4-1.32.1
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.