[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [curlsec] [USN-3464-1] Wget vulnerabilities

From: Dale R. Worley
Subject: Re: [Bug-wget] [curlsec] [USN-3464-1] Wget vulnerabilities
Date: Sun, 31 Dec 2017 09:13:47 -0500

Kristian Erik Hermansen <address@hidden> writes:
> I still contend that this is at least a bug, and potentially a
> security issue, but only when the headers are ones that should NEVER
> have multiple values.

I agree with others that it's not clear that there's a security issue
here.  It appears that wget/curl can be used to generate HTTP requests
(or pseudo-HTTP requests) that might exploit security problems in web
servers, but that's the web servers' problem, not wget's/curl's.

Certainly, making sure that wget/curl can't generate such requests
doesn't stop the black-hats from generating them by other means.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]