A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.

References

bugzilla.redhat.com/show_bug.cgi?id=1575634

nessus 27

debian 3

osv 3

packetstorm 1

openvas 22

cve 1

debiancve 1

gentoo 1

redhat 1

amazon 2

checkpoint_advisories 1

fedora 5

prion 1

suse 1

veracode 1

ibm 5

ubuntucve 1

mageia 1

ubuntu 2

slackware 1

cloudfoundry 1

exploitpack 1

freebsd 1

centos 1

alpinelinux 1

exploitdb 1

oraclelinux 1

photon 1

nessus

Amazon Linux AMI : wget (ALAS-2018-1040)

2018-06-12 00:00:00

EulerOS Virtualization 2.5.1 : wget (EulerOS-SA-2018-1342)

2018-10-26 00:00:00

Fedora 26 : wget (2018-f29459149a)

2018-05-14 00:00:00

debian

[SECURITY] [DSA 4195-1] wget security update

2018-05-08 10:29:00

[SECURITY] [DLA 1375-1] wget security update

2018-05-11 07:29:45

[SECURITY] [DSA 4195-1] wget security update

2018-05-08 10:29:00

osv

wget - security update

2018-05-11 00:00:00

wget - security update

2018-05-08 00:00:00

CVE-2018-0494

2018-05-06 22:29:00

packetstorm

GNU Wget 1.19.4 Cookie Injection

2018-05-07 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2018:1367-1)

2021-06-09 00:00:00

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1085)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1165)

2020-01-23 00:00:00

cve

CVE-2018-0494

2018-05-06 22:29:00

debiancve

CVE-2018-0494

2018-05-06 22:29:00

gentoo

GNU Wget: Cookie injection

2018-06-13 00:00:00

redhat

(RHSA-2018:3052) Moderate: wget security and bug fix update

2018-10-30 04:13:12

amazon

Medium: wget

2018-12-06 20:27:00

Medium: wget

2018-06-08 18:35:00

checkpoint_advisories

GNU Wget Cookie Injection Policy Bypass (CVE-2018-0494)

2018-05-14 00:00:00

fedora

[SECURITY] Fedora 28 Update: wget-1.19.5-1.fc28

2018-05-11 21:15:59

[SECURITY] Fedora 28 Update: wget-1.20.1-1.fc28

2019-01-11 03:00:35

[SECURITY] Fedora 27 Update: wget-1.19.5-1.fc27

2018-05-13 20:18:25

prion

Design/Logic Flaw

2018-05-06 22:29:00

suse

Security update for wget (moderate)

2018-05-23 15:09:25

veracode

HTTP Cookie Injection

2019-01-15 09:25:30

ibm

Security Bulletin: A vulnerability in wget affects PowerKVM

2018-12-17 14:25:02

Security Bulletin: A vulnerability with GNU Wget affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2018-0494)

2023-01-12 21:59:00

Security Bulletin: Multiple vulnerabilities in Ubuntu affect IBM API Connect Developer Portal

2018-06-23 02:50:14

ubuntucve

CVE-2018-0494

2018-05-06 00:00:00

mageia

Updated wget packages fix security vulnerabilities

2018-05-16 11:24:56

ubuntu

Wget vulnerability

2018-05-09 00:00:00

Wget vulnerability

2018-05-09 00:00:00

slackware

[slackware-security] wget

2018-05-10 01:30:09

cloudfoundry

USN-3643-1: Wget vulnerability | Cloud Foundry

2018-06-05 00:00:00

exploitpack

GNU wget - Cookie Injection

2018-05-06 00:00:00

freebsd

wget -- cookie injection vulnerability

2018-04-26 00:00:00

centos

wget security update

2018-11-15 18:53:41

alpinelinux

CVE-2018-0494

2018-05-06 22:29:00

exploitdb

GNU wget - Cookie Injection

2018-05-06 00:00:00

oraclelinux

wget security and bug fix update

2018-11-05 00:00:00

photon

Critical Photon OS Security Update - PHSA-2019-0237

2019-06-12 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for RH:CVE-2018-0494