Veracode Vulnerability DatabaseVERACODE:23977Spoofing Attack
EPSS
Percentile
74.1%
wget is vulnerable to spoofing attack. Wget is affected by the previously published βnull prefix attackβ, caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Wget into accepting it by mistake.
References
addictivecode.org/pipermail/wget-notify/2009-August/001808.html
hg.addictivecode.org/wget/mainline/rev/1eab157d3be7
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
marc.info/?l=oss-security&m=125198917018936&w=2
marc.info/?l=oss-security&m=125369675820512&w=2
permalink.gmane.org/gmane.comp.web.wget.general/8972
secunia.com/advisories/36540
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/bid/36205
www.vupen.com/english/advisories/2009/2498
access.redhat.com/errata/RHSA-2009:1549
bugzilla.redhat.com/show_bug.cgi?id=520454
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099
Related
