Debian Security Update DSA-4195 wget - security update

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,752
Reaction score
94
Credits
-1,257
Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle '\r\n' from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replacing existing cookie values.

Continue reading...
 


Follow Linux.org

Members online

No members online now.

Latest posts

Top