ID CVE-2016-4971
Summary GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu_wget_project:gnu_wget:*:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
CVSS
Base: 4.3 (as of 05-01-2018 - 02:30)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality NONE
Integrity PARTIAL
Availability NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
advisories
bugzilla
id 1343666
title CVE-2016-4971 wget: Lack of filename checking allows arbitrary file upload via FTP redirect
oval
AND
  • comment wget is earlier than 0:1.14-13.el7
    oval oval:com.redhat.rhsa:tst:20162587005
  • comment wget is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhsa:tst:20140151006
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
rhsa
id RHSA-2016:2587
released 2016-11-03
severity Moderate
title RHSA-2016:2587: wget security and bug fix update (Moderate)
rpms wget-0:1.14-13.el7
refmap via4
bid 91530
confirm
exploit-db 40064
gentoo GLSA-201610-11
mlist [info-gnu] 20160609 GNU wget 1.18 released
sectrack 1036133
suse openSUSE-SU-2016:2027
ubuntu USN-3012-1
Last major update 05-01-2018 - 02:30
Published 30-06-2016 - 17:59