ID:6371 - Exploit for Cookie injection in wget - CVE-2018-0494
Published: June 17, 2021
Vulnerability identifier: #VU12432
Vulnerability risk: Low
CVE-ID: CVE-2018-0494
CWE-ID: CWE-74
Exploitation vector: Remote access
Vulnerable software:
wget
wget
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to write arbitrary files on the target system.
The weakness exists due to improper processing of Set-Cookie responses. A remote attacker can return specially crafted data and inject arbitrary cookies into the cookie jar file.
The weakness exists due to improper processing of Set-Cookie responses. A remote attacker can return specially crafted data and inject arbitrary cookies into the cookie jar file.
Remediation
Update to version 1.19.5 or later.