csaf_redhat - rhsa-2016

rhsa-2016_2587

Vulnerability from csaf_redhat

Published

2016-11-03 08:09

Modified

2024-11-22 09:57

Summary

Red Hat Security Advisory: wget security and bug fix update

Notes

Topic

An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix(es): * It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971) Red Hat would like to thank GNU wget project for reporting this issue. Upstream acknowledges Dawid Golunski as the original reporter. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for wget is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.\n\nSecurity Fix(es):\n\n* It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971)\n\nRed Hat would like to thank GNU wget project for reporting this issue. Upstream acknowledges Dawid Golunski as the original reporter.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:2587",
        "url": "https://access.redhat.com/errata/RHSA-2016:2587"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html",
        "url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "1147572",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147572"
      },
      {
        "category": "external",
        "summary": "1343666",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343666"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2587.json"
      }
    ],
    "title": "Red Hat Security Advisory: wget security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T09:57:47+00:00",
      "generator": {
        "date": "2024-11-22T09:57:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2016:2587",
      "initial_release_date": "2016-11-03T08:09:33+00:00",
      "revision_history": [
        {
          "date": "2016-11-03T08:09:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-11-03T08:09:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T09:57:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
                  "product_id": "7ComputeNode",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-debuginfo-0:1.14-13.el7.x86_64",
                "product": {
                  "name": "wget-debuginfo-0:1.14-13.el7.x86_64",
                  "product_id": "wget-debuginfo-0:1.14-13.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget-debuginfo@1.14-13.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wget-0:1.14-13.el7.x86_64",
                "product": {
                  "name": "wget-0:1.14-13.el7.x86_64",
                  "product_id": "wget-0:1.14-13.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.14-13.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-0:1.14-13.el7.s390x",
                "product": {
                  "name": "wget-0:1.14-13.el7.s390x",
                  "product_id": "wget-0:1.14-13.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.14-13.el7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wget-debuginfo-0:1.14-13.el7.s390x",
                "product": {
                  "name": "wget-debuginfo-0:1.14-13.el7.s390x",
                  "product_id": "wget-debuginfo-0:1.14-13.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget-debuginfo@1.14-13.el7?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-0:1.14-13.el7.ppc64",
                "product": {
                  "name": "wget-0:1.14-13.el7.ppc64",
                  "product_id": "wget-0:1.14-13.el7.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.14-13.el7?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wget-debuginfo-0:1.14-13.el7.ppc64",
                "product": {
                  "name": "wget-debuginfo-0:1.14-13.el7.ppc64",
                  "product_id": "wget-debuginfo-0:1.14-13.el7.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget-debuginfo@1.14-13.el7?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-0:1.14-13.el7.aarch64",
                "product": {
                  "name": "wget-0:1.14-13.el7.aarch64",
                  "product_id": "wget-0:1.14-13.el7.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.14-13.el7?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wget-debuginfo-0:1.14-13.el7.aarch64",
                "product": {
                  "name": "wget-debuginfo-0:1.14-13.el7.aarch64",
                  "product_id": "wget-debuginfo-0:1.14-13.el7.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget-debuginfo@1.14-13.el7?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-debuginfo-0:1.14-13.el7.ppc64le",
                "product": {
                  "name": "wget-debuginfo-0:1.14-13.el7.ppc64le",
                  "product_id": "wget-debuginfo-0:1.14-13.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget-debuginfo@1.14-13.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "wget-0:1.14-13.el7.ppc64le",
                "product": {
                  "name": "wget-0:1.14-13.el7.ppc64le",
                  "product_id": "wget-0:1.14-13.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.14-13.el7?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "wget-0:1.14-13.el7.src",
                "product": {
                  "name": "wget-0:1.14-13.el7.src",
                  "product_id": "wget-0:1.14-13.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/wget@1.14-13.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-0:1.14-13.el7.aarch64"
        },
        "product_reference": "wget-0:1.14-13.el7.aarch64",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-0:1.14-13.el7.ppc64"
        },
        "product_reference": "wget-0:1.14-13.el7.ppc64",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-0:1.14-13.el7.ppc64le"
        },
        "product_reference": "wget-0:1.14-13.el7.ppc64le",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-0:1.14-13.el7.s390x"
        },
        "product_reference": "wget-0:1.14-13.el7.s390x",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-0:1.14-13.el7.src"
        },
        "product_reference": "wget-0:1.14-13.el7.src",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-0:1.14-13.el7.x86_64"
        },
        "product_reference": "wget-0:1.14-13.el7.x86_64",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-debuginfo-0:1.14-13.el7.aarch64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.aarch64",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-debuginfo-0:1.14-13.el7.ppc64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.ppc64",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-debuginfo-0:1.14-13.el7.ppc64le"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.ppc64le",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-debuginfo-0:1.14-13.el7.s390x"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.s390x",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client:wget-debuginfo-0:1.14-13.el7.x86_64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.x86_64",
        "relates_to_product_reference": "7Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-0:1.14-13.el7.aarch64"
        },
        "product_reference": "wget-0:1.14-13.el7.aarch64",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-0:1.14-13.el7.ppc64"
        },
        "product_reference": "wget-0:1.14-13.el7.ppc64",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-0:1.14-13.el7.ppc64le"
        },
        "product_reference": "wget-0:1.14-13.el7.ppc64le",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-0:1.14-13.el7.s390x"
        },
        "product_reference": "wget-0:1.14-13.el7.s390x",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-0:1.14-13.el7.src"
        },
        "product_reference": "wget-0:1.14-13.el7.src",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-0:1.14-13.el7.x86_64"
        },
        "product_reference": "wget-0:1.14-13.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-debuginfo-0:1.14-13.el7.aarch64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.aarch64",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.ppc64",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64le"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.ppc64le",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-debuginfo-0:1.14-13.el7.s390x"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.s390x",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode:wget-debuginfo-0:1.14-13.el7.x86_64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-0:1.14-13.el7.aarch64"
        },
        "product_reference": "wget-0:1.14-13.el7.aarch64",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-0:1.14-13.el7.ppc64"
        },
        "product_reference": "wget-0:1.14-13.el7.ppc64",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-0:1.14-13.el7.ppc64le"
        },
        "product_reference": "wget-0:1.14-13.el7.ppc64le",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-0:1.14-13.el7.s390x"
        },
        "product_reference": "wget-0:1.14-13.el7.s390x",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-0:1.14-13.el7.src"
        },
        "product_reference": "wget-0:1.14-13.el7.src",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-0:1.14-13.el7.x86_64"
        },
        "product_reference": "wget-0:1.14-13.el7.x86_64",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-debuginfo-0:1.14-13.el7.aarch64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.aarch64",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-debuginfo-0:1.14-13.el7.ppc64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.ppc64",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-debuginfo-0:1.14-13.el7.ppc64le"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.ppc64le",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-debuginfo-0:1.14-13.el7.s390x"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.s390x",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server:wget-debuginfo-0:1.14-13.el7.x86_64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.x86_64",
        "relates_to_product_reference": "7Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-0:1.14-13.el7.aarch64"
        },
        "product_reference": "wget-0:1.14-13.el7.aarch64",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-0:1.14-13.el7.ppc64"
        },
        "product_reference": "wget-0:1.14-13.el7.ppc64",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-0:1.14-13.el7.ppc64le"
        },
        "product_reference": "wget-0:1.14-13.el7.ppc64le",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-0:1.14-13.el7.s390x"
        },
        "product_reference": "wget-0:1.14-13.el7.s390x",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-0:1.14-13.el7.src"
        },
        "product_reference": "wget-0:1.14-13.el7.src",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-0:1.14-13.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-0:1.14-13.el7.x86_64"
        },
        "product_reference": "wget-0:1.14-13.el7.x86_64",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-debuginfo-0:1.14-13.el7.aarch64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.aarch64",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.ppc64",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64le"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.ppc64le",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-debuginfo-0:1.14-13.el7.s390x"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.s390x",
        "relates_to_product_reference": "7Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "wget-debuginfo-0:1.14-13.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation:wget-debuginfo-0:1.14-13.el7.x86_64"
        },
        "product_reference": "wget-debuginfo-0:1.14-13.el7.x86_64",
        "relates_to_product_reference": "7Workstation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "GNU wget project"
          ]
        },
        {
          "names": [
            "Dawid Golunski"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2016-4971",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "discovery_date": "2016-06-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1343666"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wget: Lack of filename checking allows arbitrary file upload via FTP redirect",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client:wget-0:1.14-13.el7.aarch64",
          "7Client:wget-0:1.14-13.el7.ppc64",
          "7Client:wget-0:1.14-13.el7.ppc64le",
          "7Client:wget-0:1.14-13.el7.s390x",
          "7Client:wget-0:1.14-13.el7.src",
          "7Client:wget-0:1.14-13.el7.x86_64",
          "7Client:wget-debuginfo-0:1.14-13.el7.aarch64",
          "7Client:wget-debuginfo-0:1.14-13.el7.ppc64",
          "7Client:wget-debuginfo-0:1.14-13.el7.ppc64le",
          "7Client:wget-debuginfo-0:1.14-13.el7.s390x",
          "7Client:wget-debuginfo-0:1.14-13.el7.x86_64",
          "7ComputeNode:wget-0:1.14-13.el7.aarch64",
          "7ComputeNode:wget-0:1.14-13.el7.ppc64",
          "7ComputeNode:wget-0:1.14-13.el7.ppc64le",
          "7ComputeNode:wget-0:1.14-13.el7.s390x",
          "7ComputeNode:wget-0:1.14-13.el7.src",
          "7ComputeNode:wget-0:1.14-13.el7.x86_64",
          "7ComputeNode:wget-debuginfo-0:1.14-13.el7.aarch64",
          "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64",
          "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64le",
          "7ComputeNode:wget-debuginfo-0:1.14-13.el7.s390x",
          "7ComputeNode:wget-debuginfo-0:1.14-13.el7.x86_64",
          "7Server:wget-0:1.14-13.el7.aarch64",
          "7Server:wget-0:1.14-13.el7.ppc64",
          "7Server:wget-0:1.14-13.el7.ppc64le",
          "7Server:wget-0:1.14-13.el7.s390x",
          "7Server:wget-0:1.14-13.el7.src",
          "7Server:wget-0:1.14-13.el7.x86_64",
          "7Server:wget-debuginfo-0:1.14-13.el7.aarch64",
          "7Server:wget-debuginfo-0:1.14-13.el7.ppc64",
          "7Server:wget-debuginfo-0:1.14-13.el7.ppc64le",
          "7Server:wget-debuginfo-0:1.14-13.el7.s390x",
          "7Server:wget-debuginfo-0:1.14-13.el7.x86_64",
          "7Workstation:wget-0:1.14-13.el7.aarch64",
          "7Workstation:wget-0:1.14-13.el7.ppc64",
          "7Workstation:wget-0:1.14-13.el7.ppc64le",
          "7Workstation:wget-0:1.14-13.el7.s390x",
          "7Workstation:wget-0:1.14-13.el7.src",
          "7Workstation:wget-0:1.14-13.el7.x86_64",
          "7Workstation:wget-debuginfo-0:1.14-13.el7.aarch64",
          "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64",
          "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64le",
          "7Workstation:wget-debuginfo-0:1.14-13.el7.s390x",
          "7Workstation:wget-debuginfo-0:1.14-13.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-4971"
        },
        {
          "category": "external",
          "summary": "RHBZ#1343666",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343666"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-4971"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4971",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4971"
        }
      ],
      "release_date": "2016-06-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-11-03T08:09:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client:wget-0:1.14-13.el7.aarch64",
            "7Client:wget-0:1.14-13.el7.ppc64",
            "7Client:wget-0:1.14-13.el7.ppc64le",
            "7Client:wget-0:1.14-13.el7.s390x",
            "7Client:wget-0:1.14-13.el7.src",
            "7Client:wget-0:1.14-13.el7.x86_64",
            "7Client:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7Client:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7Client:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7Client:wget-debuginfo-0:1.14-13.el7.s390x",
            "7Client:wget-debuginfo-0:1.14-13.el7.x86_64",
            "7ComputeNode:wget-0:1.14-13.el7.aarch64",
            "7ComputeNode:wget-0:1.14-13.el7.ppc64",
            "7ComputeNode:wget-0:1.14-13.el7.ppc64le",
            "7ComputeNode:wget-0:1.14-13.el7.s390x",
            "7ComputeNode:wget-0:1.14-13.el7.src",
            "7ComputeNode:wget-0:1.14-13.el7.x86_64",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.s390x",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.x86_64",
            "7Server:wget-0:1.14-13.el7.aarch64",
            "7Server:wget-0:1.14-13.el7.ppc64",
            "7Server:wget-0:1.14-13.el7.ppc64le",
            "7Server:wget-0:1.14-13.el7.s390x",
            "7Server:wget-0:1.14-13.el7.src",
            "7Server:wget-0:1.14-13.el7.x86_64",
            "7Server:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7Server:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7Server:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7Server:wget-debuginfo-0:1.14-13.el7.s390x",
            "7Server:wget-debuginfo-0:1.14-13.el7.x86_64",
            "7Workstation:wget-0:1.14-13.el7.aarch64",
            "7Workstation:wget-0:1.14-13.el7.ppc64",
            "7Workstation:wget-0:1.14-13.el7.ppc64le",
            "7Workstation:wget-0:1.14-13.el7.s390x",
            "7Workstation:wget-0:1.14-13.el7.src",
            "7Workstation:wget-0:1.14-13.el7.x86_64",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.s390x",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2587"
        },
        {
          "category": "workaround",
          "details": "Use wget with \"-O\" option to explicitly specify the output filename.",
          "product_ids": [
            "7Client:wget-0:1.14-13.el7.aarch64",
            "7Client:wget-0:1.14-13.el7.ppc64",
            "7Client:wget-0:1.14-13.el7.ppc64le",
            "7Client:wget-0:1.14-13.el7.s390x",
            "7Client:wget-0:1.14-13.el7.src",
            "7Client:wget-0:1.14-13.el7.x86_64",
            "7Client:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7Client:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7Client:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7Client:wget-debuginfo-0:1.14-13.el7.s390x",
            "7Client:wget-debuginfo-0:1.14-13.el7.x86_64",
            "7ComputeNode:wget-0:1.14-13.el7.aarch64",
            "7ComputeNode:wget-0:1.14-13.el7.ppc64",
            "7ComputeNode:wget-0:1.14-13.el7.ppc64le",
            "7ComputeNode:wget-0:1.14-13.el7.s390x",
            "7ComputeNode:wget-0:1.14-13.el7.src",
            "7ComputeNode:wget-0:1.14-13.el7.x86_64",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.s390x",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.x86_64",
            "7Server:wget-0:1.14-13.el7.aarch64",
            "7Server:wget-0:1.14-13.el7.ppc64",
            "7Server:wget-0:1.14-13.el7.ppc64le",
            "7Server:wget-0:1.14-13.el7.s390x",
            "7Server:wget-0:1.14-13.el7.src",
            "7Server:wget-0:1.14-13.el7.x86_64",
            "7Server:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7Server:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7Server:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7Server:wget-debuginfo-0:1.14-13.el7.s390x",
            "7Server:wget-debuginfo-0:1.14-13.el7.x86_64",
            "7Workstation:wget-0:1.14-13.el7.aarch64",
            "7Workstation:wget-0:1.14-13.el7.ppc64",
            "7Workstation:wget-0:1.14-13.el7.ppc64le",
            "7Workstation:wget-0:1.14-13.el7.s390x",
            "7Workstation:wget-0:1.14-13.el7.src",
            "7Workstation:wget-0:1.14-13.el7.x86_64",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.s390x",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Client:wget-0:1.14-13.el7.aarch64",
            "7Client:wget-0:1.14-13.el7.ppc64",
            "7Client:wget-0:1.14-13.el7.ppc64le",
            "7Client:wget-0:1.14-13.el7.s390x",
            "7Client:wget-0:1.14-13.el7.src",
            "7Client:wget-0:1.14-13.el7.x86_64",
            "7Client:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7Client:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7Client:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7Client:wget-debuginfo-0:1.14-13.el7.s390x",
            "7Client:wget-debuginfo-0:1.14-13.el7.x86_64",
            "7ComputeNode:wget-0:1.14-13.el7.aarch64",
            "7ComputeNode:wget-0:1.14-13.el7.ppc64",
            "7ComputeNode:wget-0:1.14-13.el7.ppc64le",
            "7ComputeNode:wget-0:1.14-13.el7.s390x",
            "7ComputeNode:wget-0:1.14-13.el7.src",
            "7ComputeNode:wget-0:1.14-13.el7.x86_64",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.s390x",
            "7ComputeNode:wget-debuginfo-0:1.14-13.el7.x86_64",
            "7Server:wget-0:1.14-13.el7.aarch64",
            "7Server:wget-0:1.14-13.el7.ppc64",
            "7Server:wget-0:1.14-13.el7.ppc64le",
            "7Server:wget-0:1.14-13.el7.s390x",
            "7Server:wget-0:1.14-13.el7.src",
            "7Server:wget-0:1.14-13.el7.x86_64",
            "7Server:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7Server:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7Server:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7Server:wget-debuginfo-0:1.14-13.el7.s390x",
            "7Server:wget-debuginfo-0:1.14-13.el7.x86_64",
            "7Workstation:wget-0:1.14-13.el7.aarch64",
            "7Workstation:wget-0:1.14-13.el7.ppc64",
            "7Workstation:wget-0:1.14-13.el7.ppc64le",
            "7Workstation:wget-0:1.14-13.el7.s390x",
            "7Workstation:wget-0:1.14-13.el7.src",
            "7Workstation:wget-0:1.14-13.el7.x86_64",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.aarch64",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.ppc64le",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.s390x",
            "7Workstation:wget-debuginfo-0:1.14-13.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wget: Lack of filename checking allows arbitrary file upload via FTP redirect"
    }
  ]
}

cve-2016-4971

Vulnerability from cvelistv5

Published

2016-06-30 17:00

Modified

2024-08-06 00:46

Severity ?

Summary

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

References

▼	URL	Tags
	http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/201610-11	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html	vendor-advisory, x_refsource_SUSE
	https://www.exploit-db.com/exploits/40064/	exploit, x_refsource_EXPLOIT-DB
	https://bugzilla.redhat.com/show_bug.cgi?id=1343666	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html	x_refsource_CONFIRM
	http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2587.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1036133	vdb-entry, x_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-3012-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/91530	vdb-entry, x_refsource_BID
	https://security.paloaltonetworks.com/CVE-2016-4971	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:40.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[info-gnu] 20160609 GNU wget 1.18 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html"
          },
          {
            "name": "GLSA-201610-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-11"
          },
          {
            "name": "openSUSE-SU-2016:2027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html"
          },
          {
            "name": "40064",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40064/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343666"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1"
          },
          {
            "name": "RHSA-2016:2587",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2587.html"
          },
          {
            "name": "1036133",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036133"
          },
          {
            "name": "USN-3012-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3012-1"
          },
          {
            "name": "91530",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91530"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2016-4971"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-30T16:06:24",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[info-gnu] 20160609 GNU wget 1.18 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html"
        },
        {
          "name": "GLSA-201610-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-11"
        },
        {
          "name": "openSUSE-SU-2016:2027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html"
        },
        {
          "name": "40064",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40064/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343666"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1"
        },
        {
          "name": "RHSA-2016:2587",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2587.html"
        },
        {
          "name": "1036133",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036133"
        },
        {
          "name": "USN-3012-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3012-1"
        },
        {
          "name": "91530",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91530"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2016-4971"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-4971",
    "datePublished": "2016-06-30T17:00:00",
    "dateReserved": "2016-05-24T00:00:00",
    "dateUpdated": "2024-08-06T00:46:40.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted