CVE-2004-1487

wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755	Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=110269474112384&w=2
http://securitytracker.com/id?1012472
http://www.redhat.com/support/errata/RHSA-2005-771.html
http://www.securityfocus.com/bid/11871	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18420
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682
https://usn.ubuntu.com/145-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:wget:1.8:::::::*
	cpe:2.3:a:gnu:wget:1.8.1:::::::*
	cpe:2.3:a:gnu:wget:1.8.2:::::::*
	cpe:2.3:a:gnu:wget:1.9:::::::*
	cpe:2.3:a:gnu:wget:1.9.1:::::::*

History

No history.

Information

Published : 2005-04-27 04:00

Updated : 2018-10-03 21:29

NVD link : CVE-2004-1487

Mitre link : CVE-2004-1487

CVE.ORG link : CVE-2004-1487

JSON object : View

Products Affected

gnu

wget

CWE

NVD-CWE-Other

{"id": "CVE-2004-1487", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-04-27T04:00:00.000", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1012472", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-771.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11871", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/145-1/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences."}, {"lang": "es", "value": "wget 1.8.x y 1.9.x permite a un servidor web remoto malicioso sobreescribir ciertos ficheros mediante una redirecci\u00f3n URL conteniendo un \"..\" que se resuelve como la direcci\u00f3n IP de un usuario malicioso, lo que se salta el filtrado de wget de secuencias \"..\"."}], "lastModified": "2018-10-03T21:29:26.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5BF2616-A99A-4229-A8A6-655155ED5EB1"}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A14454E-DDAE-4115-8323-8BB4E17DF208"}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94E758F9-798B-4C25-A94A-8BF4E3E90B3E"}, {"criteria": "cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F88CD81A-7804-4316-8581-41689A318D56"}, {"criteria": "cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BE0FCE2-ABB9-4943-96AE-C81277014396"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}