Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1487

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1487
Last Modified 21 Aug 2010 12:22:36
Published 27 Apr 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1487

Summary

wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.

Vulnerable Systems

Application

  • Gnu Wget 1.8

  • Gnu Wget 1.8.1

  • Gnu Wget 1.8.2

  • Gnu Wget 1.9

  • Gnu Wget 1.9.1


References

XF - wget-file-overwrite(18420)

UBUNTU - USN-145-1

BID - 11871

SECTRACK - 1012472

BUGTRAQ - 20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755

REDHAT - RHSA-2005:771


Last Updated: 27 May 2016 10:39:03