#VU12432 Cookie injection in wget


Published: 2021-06-17

Vulnerability identifier: #VU12432

Vulnerability risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-0494

CWE-ID: CWE-74

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
wget
Server applications / File servers (FTP/HTTP)

Vendor: GNU

Description
The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists due to improper processing of Set-Cookie responses. A remote attacker can return specially crafted data and inject arbitrary cookies into the cookie jar file.

Mitigation
Update to version 1.19.5 or later.

Vulnerable software versions

wget: 1.17 - 1.19.4

External links
http://sintonen.fi/advisories/gnu-wget-cookie-injection.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data update for GNU Wget
Red Hat update for wget
Gentoo update for GNU Wget
Amazon Linux AMI update for wget
OpenSUSE Linux update for wget
Slackware Linux update for wget
Slackware Linux update for wget
Slackware Linux update for wget
Debian update for wget
Cookie injection in wget (Alpine package)