October 8, 2009

Debian Security Advisory 1904 wget - insufficient input validation

Article Source Debian Security Advisories
October 8, 2009, 5:00 pm

Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using HTTP(S) and FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field...

Read More

Click Here!