csaf_redhat - rhsa-2014

rhsa-2014_0151

Vulnerability from csaf_redhat

Published

2014-02-10 17:29

Modified

2024-11-22 07:28

Summary

Red Hat Security Advisory: wget security and bug fix update

Notes

Topic

An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the ability to work in the background while the user is logged out, recursive retrieval of directories, file name wildcard matching or updating files in dependency on file timestamp comparison. It was discovered that wget used a file name provided by the server when saving a downloaded file. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2010-2252) Note: With this update, wget always uses the last component of the original URL as the name for the downloaded file. Previous behavior of using the server provided name or the last component of the redirected URL when creating files can be re-enabled by using the '--trust-server-names' command line option, or by setting 'trust_server_names=on' in the wget start-up file. This update also fixes the following bugs: * Prior to this update, the wget package did not recognize HTTPS SSL certificates with alternative names (subjectAltName) specified in the certificate as valid. As a consequence, running the wget command failed with a certificate error. This update fixes wget to recognize such certificates as valid. (BZ#1060113) All users of wget are advised to upgrade to this updated package, which contain backported patches to correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated wget package that fixes one security issue and one bug is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The wget package provides the GNU Wget file retrieval utility for HTTP,\nHTTPS, and FTP protocols. Wget provides various useful features, such as\nthe ability to work in the background while the user is logged out,\nrecursive retrieval of directories, file name wildcard matching or updating\nfiles in dependency on file timestamp comparison.\n\nIt was discovered that wget used a file name provided by the server when\nsaving a downloaded file. This could cause wget to create a file with a\ndifferent name than expected, possibly allowing the server to execute\narbitrary code on the client. (CVE-2010-2252)\n\nNote: With this update, wget always uses the last component of the original\nURL as the name for the downloaded file. Previous behavior of using the\nserver provided name or the last component of the redirected URL when\ncreating files can be re-enabled by using the \u0027--trust-server-names\u0027\ncommand line option, or by setting \u0027trust_server_names=on\u0027 in the wget\nstart-up file.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the wget package did not recognize HTTPS SSL\ncertificates with alternative names (subjectAltName) specified in the\ncertificate as valid. As a consequence, running the wget command failed\nwith a certificate error. This update fixes wget to recognize such\ncertificates as valid. (BZ#1060113)\n\nAll users of wget are advised to upgrade to this updated package, which\ncontain backported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0151",
        "url": "https://access.redhat.com/errata/RHSA-2014:0151"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "602797",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"
      },
      {
        "category": "external",
        "summary": "833831",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=833831"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0151.json"
      }
    ],
    "title": "Red Hat Security Advisory: wget security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T07:28:58+00:00",
      "generator": {
        "date": "2024-11-22T07:28:58+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2014:0151",
      "initial_release_date": "2014-02-10T17:29:11+00:00",
      "revision_history": [
        {
          "date": "2014-02-10T17:29:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-02-10T17:29:11+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:28:58+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 6)",
                  "product_id": "6Client-6.5.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux HPC Node (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux HPC Node (v. 6)",
                  "product_id": "6ComputeNode-6.5.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "6Server-6.5.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation-6.5.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-0:1.12-1.11.el6_5.src",
                "product": {
                  "name": "wget-0:1.12-1.11.el6_5.src",
                  "product_id": "wget-0:1.12-1.11.el6_5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.12-1.11.el6_5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-0:1.12-1.11.el6_5.x86_64",
                "product": {
                  "name": "wget-0:1.12-1.11.el6_5.x86_64",
                  "product_id": "wget-0:1.12-1.11.el6_5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.12-1.11.el6_5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
                "product": {
                  "name": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
                  "product_id": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget-debuginfo@1.12-1.11.el6_5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-0:1.12-1.11.el6_5.s390x",
                "product": {
                  "name": "wget-0:1.12-1.11.el6_5.s390x",
                  "product_id": "wget-0:1.12-1.11.el6_5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.12-1.11.el6_5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wget-debuginfo-0:1.12-1.11.el6_5.s390x",
                "product": {
                  "name": "wget-debuginfo-0:1.12-1.11.el6_5.s390x",
                  "product_id": "wget-debuginfo-0:1.12-1.11.el6_5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget-debuginfo@1.12-1.11.el6_5?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-0:1.12-1.11.el6_5.i686",
                "product": {
                  "name": "wget-0:1.12-1.11.el6_5.i686",
                  "product_id": "wget-0:1.12-1.11.el6_5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.12-1.11.el6_5?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wget-debuginfo-0:1.12-1.11.el6_5.i686",
                "product": {
                  "name": "wget-debuginfo-0:1.12-1.11.el6_5.i686",
                  "product_id": "wget-debuginfo-0:1.12-1.11.el6_5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget-debuginfo@1.12-1.11.el6_5?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-0:1.12-1.11.el6_5.ppc64",
                "product": {
                  "name": "wget-0:1.12-1.11.el6_5.ppc64",
                  "product_id": "wget-0:1.12-1.11.el6_5.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.12-1.11.el6_5?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
                "product": {
                  "name": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
                  "product_id": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget-debuginfo@1.12-1.11.el6_5?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.5.z:wget-0:1.12-1.11.el6_5.i686"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.i686",
        "relates_to_product_reference": "6Client-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.5.z:wget-0:1.12-1.11.el6_5.ppc64"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.ppc64",
        "relates_to_product_reference": "6Client-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.5.z:wget-0:1.12-1.11.el6_5.s390x"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.s390x",
        "relates_to_product_reference": "6Client-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.5.z:wget-0:1.12-1.11.el6_5.src"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.src",
        "relates_to_product_reference": "6Client-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.5.z:wget-0:1.12-1.11.el6_5.x86_64"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.x86_64",
        "relates_to_product_reference": "6Client-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.i686",
        "relates_to_product_reference": "6Client-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
        "relates_to_product_reference": "6Client-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.s390x",
        "relates_to_product_reference": "6Client-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
          "product_id": "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
        "relates_to_product_reference": "6Client-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.i686"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.i686",
        "relates_to_product_reference": "6ComputeNode-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.ppc64"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.ppc64",
        "relates_to_product_reference": "6ComputeNode-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.s390x"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.s390x",
        "relates_to_product_reference": "6ComputeNode-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.src"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.src",
        "relates_to_product_reference": "6ComputeNode-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.x86_64"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.x86_64",
        "relates_to_product_reference": "6ComputeNode-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.i686",
        "relates_to_product_reference": "6ComputeNode-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
        "relates_to_product_reference": "6ComputeNode-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.s390x",
        "relates_to_product_reference": "6ComputeNode-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)",
          "product_id": "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
        "relates_to_product_reference": "6ComputeNode-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.5.z:wget-0:1.12-1.11.el6_5.i686"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.i686",
        "relates_to_product_reference": "6Server-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.5.z:wget-0:1.12-1.11.el6_5.ppc64"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.ppc64",
        "relates_to_product_reference": "6Server-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.5.z:wget-0:1.12-1.11.el6_5.s390x"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.s390x",
        "relates_to_product_reference": "6Server-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.src as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.5.z:wget-0:1.12-1.11.el6_5.src"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.src",
        "relates_to_product_reference": "6Server-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.5.z:wget-0:1.12-1.11.el6_5.x86_64"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.x86_64",
        "relates_to_product_reference": "6Server-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.i686",
        "relates_to_product_reference": "6Server-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
        "relates_to_product_reference": "6Server-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.s390x",
        "relates_to_product_reference": "6Server-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
        "relates_to_product_reference": "6Server-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.i686"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.i686",
        "relates_to_product_reference": "6Workstation-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.ppc64"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.ppc64",
        "relates_to_product_reference": "6Workstation-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.s390x"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.s390x",
        "relates_to_product_reference": "6Workstation-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.src"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.src",
        "relates_to_product_reference": "6Workstation-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.12-1.11.el6_5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.x86_64"
        },
        "product_reference": "wget-0:1.12-1.11.el6_5.x86_64",
        "relates_to_product_reference": "6Workstation-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.i686",
        "relates_to_product_reference": "6Workstation-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
        "relates_to_product_reference": "6Workstation-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.s390x",
        "relates_to_product_reference": "6Workstation-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64"
        },
        "product_reference": "wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
        "relates_to_product_reference": "6Workstation-6.5.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-2252",
      "discovery_date": "2010-05-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "602797"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wget: multiple HTTP client download filename vulnerability [OCERT 2010-001]",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact due to the series of events required to successfully exploit it, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-6.5.z:wget-0:1.12-1.11.el6_5.i686",
          "6Client-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
          "6Client-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
          "6Client-6.5.z:wget-0:1.12-1.11.el6_5.src",
          "6Client-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
          "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
          "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
          "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
          "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
          "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.i686",
          "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
          "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
          "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.src",
          "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
          "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
          "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
          "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
          "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
          "6Server-6.5.z:wget-0:1.12-1.11.el6_5.i686",
          "6Server-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
          "6Server-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
          "6Server-6.5.z:wget-0:1.12-1.11.el6_5.src",
          "6Server-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
          "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
          "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
          "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
          "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
          "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.i686",
          "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
          "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
          "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.src",
          "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
          "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
          "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
          "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
          "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-2252"
        },
        {
          "category": "external",
          "summary": "RHBZ#602797",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-2252"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2252",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2252"
        },
        {
          "category": "external",
          "summary": "http://www.ocert.org/advisories/ocert-2010-001.html",
          "url": "http://www.ocert.org/advisories/ocert-2010-001.html"
        }
      ],
      "release_date": "2010-05-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-02-10T17:29:11+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.i686",
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.src",
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
            "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
            "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
            "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
            "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.i686",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.src",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
            "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
            "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
            "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
            "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.i686",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.src",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
            "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
            "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
            "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
            "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.i686",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.src",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
            "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
            "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
            "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
            "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0151"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.i686",
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.src",
            "6Client-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
            "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
            "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
            "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
            "6Client-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.i686",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.src",
            "6ComputeNode-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
            "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
            "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
            "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
            "6ComputeNode-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.i686",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.src",
            "6Server-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
            "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
            "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
            "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
            "6Server-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.i686",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.ppc64",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.s390x",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.src",
            "6Workstation-6.5.z:wget-0:1.12-1.11.el6_5.x86_64",
            "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.i686",
            "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.ppc64",
            "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.s390x",
            "6Workstation-6.5.z:wget-debuginfo-0:1.12-1.11.el6_5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "wget: multiple HTTP client download filename vulnerability [OCERT 2010-001]"
    }
  ]
}

cve-2010-2252

Vulnerability from cvelistv5

Published

2010-07-06 14:00

Modified

2024-08-07 02:25

Severity ?

Summary

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

References

▼	URL	Tags
	http://marc.info/?l=oss-security&m=127411372529485&w=2	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=602797	x_refsource_CONFIRM
	http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2014-0151.html	vendor-advisory, x_refsource_REDHAT
	http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html	mailing-list, x_refsource_MLIST
	http://marc.info/?l=oss-security&m=127611288927500&w=2	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/65722	vdb-entry, x_refsource_BID
	http://www.ocert.org/advisories/ocert-2010-001.html	x_refsource_MISC
	http://marc.info/?l=oss-security&m=127416905831994&w=2	mailing-list, x_refsource_MLIST
	http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html	mailing-list, x_refsource_MLIST
	http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=591580	x_refsource_CONFIRM
	http://marc.info/?l=oss-security&m=127441275821210&w=2	mailing-list, x_refsource_MLIST
	http://marc.info/?l=oss-security&m=127412569216380&w=2	mailing-list, x_refsource_MLIST
	http://marc.info/?l=oss-security&m=127432968701342&w=2	mailing-list, x_refsource_MLIST
	http://marc.info/?l=oss-security&m=127427572721591&w=2	mailing-list, x_refsource_MLIST
	http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html	mailing-list, x_refsource_MLIST
	http://marc.info/?l=oss-security&m=127422615924593&w=2	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127411372529485\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"
          },
          {
            "name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"
          },
          {
            "name": "RHSA-2014:0151",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"
          },
          {
            "name": "[bug-wget] 20100520 security risk of unexpected download filenames",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"
          },
          {
            "name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127611288927500\u0026w=2"
          },
          {
            "name": "65722",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65722"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2010-001.html"
          },
          {
            "name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127416905831994\u0026w=2"
          },
          {
            "name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"
          },
          {
            "name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
          },
          {
            "name": "[oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127441275821210\u0026w=2"
          },
          {
            "name": "[oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127412569216380\u0026w=2"
          },
          {
            "name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127432968701342\u0026w=2"
          },
          {
            "name": "[oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127427572721591\u0026w=2"
          },
          {
            "name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"
          },
          {
            "name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127422615924593\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127411372529485\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"
        },
        {
          "name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"
        },
        {
          "name": "RHSA-2014:0151",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"
        },
        {
          "name": "[bug-wget] 20100520 security risk of unexpected download filenames",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"
        },
        {
          "name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127611288927500\u0026w=2"
        },
        {
          "name": "65722",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65722"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2010-001.html"
        },
        {
          "name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127416905831994\u0026w=2"
        },
        {
          "name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"
        },
        {
          "name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
        },
        {
          "name": "[oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127441275821210\u0026w=2"
        },
        {
          "name": "[oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127412569216380\u0026w=2"
        },
        {
          "name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127432968701342\u0026w=2"
        },
        {
          "name": "[oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127427572721591\u0026w=2"
        },
        {
          "name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"
        },
        {
          "name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127422615924593\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2252",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127411372529485\u0026w=2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=602797",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"
            },
            {
              "name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"
            },
            {
              "name": "RHSA-2014:0151",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"
            },
            {
              "name": "[bug-wget] 20100520 security risk of unexpected download filenames",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"
            },
            {
              "name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127611288927500\u0026w=2"
            },
            {
              "name": "65722",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65722"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2010-001.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2010-001.html"
            },
            {
              "name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127416905831994\u0026w=2"
            },
            {
              "name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"
            },
            {
              "name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=591580",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
            },
            {
              "name": "[oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127441275821210\u0026w=2"
            },
            {
              "name": "[oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127412569216380\u0026w=2"
            },
            {
              "name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127432968701342\u0026w=2"
            },
            {
              "name": "[oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127427572721591\u0026w=2"
            },
            {
              "name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"
            },
            {
              "name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127422615924593\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2252",
    "datePublished": "2010-07-06T14:00:00",
    "dateReserved": "2010-06-09T00:00:00",
    "dateUpdated": "2024-08-07T02:25:07.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted