Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2021-1996
HistoryJul 02, 2021 - 6:19 p.m.

Advisory ROSA-SA-2021-1996

2021-07-0218:19:54
ROSA LAB
abf.rosalinux.ru
5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON

Software: wget 1.14
OS: Cobalt 7.9

CVE-ID: CVE-2016-7098
CVE-Crit: HIGH
CVE-DESC: The race condition in wget 1.17 and earlier, when used in recursive or mirror mode to download a single file, may allow remote servers to bypass perceived access list restrictions by leaving the HTTP connection open.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-6508
CVE-Crit: MEDIUM
CVE-DESC: A CRLF injection vulnerability in the url_parse function in url.c in Wget before version 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences into the host subcomponent of a URL.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-20483
CVE-Crit: HIGH
CVE-DESC: set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores the file source URL in the metadata attribute user.xdg.origin.url of the extended attributes of the uploaded file, which allows local users to obtain sensitive information ( such as credentials contained in the URL) by reading this attribute, as shown by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 07/22/2016 in the Wget change log, user.xdg.origin.url is partially based on the fwrite_xattr behavior in tool_xattr.c in curl.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-31879
CVE-Crit: MEDIUM
CVE-DESC: GNU Wget through 1.21.1 does not pass the authorization header when redirecting to another source, an issue related to CVE-2018-1000007.
CVE-STATUS: default
CVE-REV: default

OSVersionArchitecturePackageVersionFilename
Cobaltanynoarchwget< 1.14UNKNOWN

Related

ubuntucve 6
nessus 56
alpinelinux 3
prion 6
debiancve 6
cve 7
cloudfoundry 3
openvas 40
ubuntu 5
redhatcve 5
ibm 6
cbl_mariner 2
suse 1
osv 10
exploitpack 1
mageia 3
freebsd 4
fedora 7
gentoo 2
veracode 3
packetstorm 1
zdt 1
debian 4
hackerone 1
symantec 1
amazon 3
f5 1
exploitdb 1
photon 1
rubygems 1
archlinux 5
altlinux 1
github 1
slackware 1
ubuntucve
ubuntucve
CVE-2021-31879
2021-04-29 00:00:00
CVE-2016-7098
2016-09-26 00:00:00
CVE-2018-20483
2018-12-26 00:00:00
nessus
nessus
Amazon Linux 2023 : wget (ALAS2023-2023-012)
2023-03-21 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Wget vulnerabilities (USN-3464-1)
2017-10-27 00:00:00
Fedora 29 : curl (2019-427a0ba9e3)
2019-01-24 00:00:00
alpinelinux
alpinelinux
CVE-2021-31879
2021-04-29 05:15:00
CVE-2018-20483
2018-12-26 18:29:00
CVE-2017-6508
2017-03-07 08:59:00
prion
prion
Authorization
2021-04-29 05:15:00
Code injection
2018-12-26 18:29:00
Race condition
2016-09-26 14:59:00
debiancve
debiancve
CVE-2021-31879
2021-04-29 05:15:00
CVE-2018-20483
2018-12-26 18:29:00
CVE-2016-7098
2016-09-26 14:59:00
cve
cve
CVE-2021-31879
2021-04-29 05:15:00
CVE-2016-7098
2016-09-26 14:59:00
CVE-2018-20483
2018-12-26 18:29:00
cloudfoundry
cloudfoundry
USN-3464-1: Wget vulnerabilities | Cloud Foundry
2017-11-27 00:00:00
USN-3943-1: Wget vulnerabilities | Cloud Foundry
2019-04-25 00:00:00
USN-3554-1: curl vulnerabilities | Cloud Foundry
2018-03-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3464-2)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-3464-1)
2017-10-27 00:00:00
Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1263)
2020-01-23 00:00:00
ubuntu
ubuntu
Wget vulnerabilities
2017-10-30 00:00:00
Wget vulnerabilities
2017-10-26 00:00:00
curl vulnerability
2018-02-01 00:00:00
redhatcve
redhatcve
CVE-2021-31879
2021-04-29 23:59:01
CVE-2016-7098
2016-08-29 07:18:31
CVE-2018-20483
2018-12-31 21:19:23
ibm
ibm
Security Bulletin: IBM QRadar Network Security is affected by Wget vulnerability (CVE-2021-31879)
2022-03-30 16:04:21
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in wget
2024-01-31 23:15:27
Security Bulletin: A vulnerability in 'GNU Wget' affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2018-20483)
2023-01-12 21:59:00
cbl_mariner
cbl_mariner
CVE-2021-31879 affecting package wget 1.20.3-3
2021-11-03 19:21:14
CVE-2021-31879 affecting package wget 1.20.3-4
2022-04-09 06:51:42
suse
suse
Security update for wget (important)
2019-01-18 00:00:00
osv
osv
CVE-2018-20483
2018-12-26 18:29:00
wget - security update
2020-01-29 00:00:00
curl - security update
2018-01-26 00:00:00
exploitpack
exploitpack
GNU Wget 1.18 - Access List Bypass Race Condition
2016-11-24 00:00:00
mageia
mageia
Updated wget packages fix security vulnerability
2019-01-06 00:49:27
Updated wget packages fix security vulnerability
2017-04-04 09:44:05
Updated wget packages fix security vulnerability
2016-09-28 08:59:24
freebsd
freebsd
wget -- security flaw in caching credentials passed as a part of the URL
2018-12-25 00:00:00
wget -- Access List Bypass / Race Condition
2016-11-24 00:00:00
cURL -- Multiple vulnerabilities
2018-01-24 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: wget-1.20.1-1.fc29
2019-01-04 02:58:08
[SECURITY] Fedora 26 Update: wget-1.19.1-3.fc26
2017-06-09 20:22:41
[SECURITY] Fedora 24 Update: wget-1.18-2.fc24
2017-06-10 10:23:50
gentoo
gentoo
GNU Wget: Password and metadata leak
2019-03-10 00:00:00
GNU Wget: Header injection
2017-06-20 00:00:00
veracode
veracode
Information Disclosure
2019-11-06 00:21:08
CRLF Injection
2020-12-06 04:06:32
Information Disclosure
2019-01-15 09:25:18
packetstorm
packetstorm
GNU Wget Access List Bypass / Race Condition
2016-11-24 00:00:00
zdt
zdt
GNU Wget < 1.18 - Access List Bypass / Race Condition Vulnerabilities
2016-11-24 00:00:00
debian
debian
[SECURITY] [DLA 2086-1] wget security update
2020-01-29 21:58:04
[SECURITY] [DLA 851-1] wget security update
2017-03-09 10:31:28
[SECURITY] [DLA 1263-1] curl security update
2018-01-29 21:39:06
hackerone
hackerone
curl: Proxy-Authorization header carried to a new host on a redirect
2021-01-25 02:37:39
symantec
symantec
cURL/libcURL CVE-2018-1000007 Information Disclosure Vulnerability
2018-01-24 00:00:00
amazon
amazon
Low: wget
2017-08-31 15:58:00
Medium: curl
2019-02-07 04:24:00
Important: curl
2018-02-20 20:57:00
f5
f5
K26311635 : Wget vulnerability CVE-2017-6508
2017-03-31 00:00:00
exploitdb
exploitdb
GNU Wget &lt; 1.18 - Access List Bypass / Race Condition
2016-11-24 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-3.0-0505
2022-12-19 00:00:00
rubygems
rubygems
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
2021-12-01 21:00:00
archlinux
archlinux
[ASA-201801-26] lib32-libcurl-compat: multiple issues
2018-01-29 00:00:00
[ASA-201801-22] lib32-curl: multiple issues
2018-01-29 00:00:00
[ASA-201801-23] libcurl-compat: multiple issues
2018-01-29 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.58.0-alt1
2018-01-24 00:00:00
github
github
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
2021-12-02 17:52:45
slackware
slackware
[slackware-security] curl
2018-01-25 02:28:38

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON
Related for ROSA-SA-2021-1996
ubuntucve6nessus56alpinelinux3prion6debiancve6cve7cloudfoundry3openvas40ubuntu5redhatcve5ibm6cbl_mariner2suse1osv10exploitpack1mageia3freebsd4fedora7gentoo2veracode3packetstorm1zdt1debian4hackerone1symantec1amazon3f51exploitdb1photon1rubygems1archlinux5altlinux1github1slackware1