Debian Security Advisory 1904 wget – insufficient input validation

Article Source: Debian Security Advisories
October 8, 2009, 5:00 pm

Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using HTTP(S) and FTP, is vulnerable to the “Null Prefix Attacks Against SSL/TLS Certificates” published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field…
