wget -- HTTP to FTP redirection file name confusion vulnerability

2016-06-09T00:00:00
ID 6DF56C60-3738-11E6-A671-60A44CE6887B
Type freebsd
Reporter FreeBSD
Modified 2016-06-09T00:00:00

Description

Giuseppe Scrivano reports:

On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename.