Lucene search

PRIOn knowledge basePRION:CVE-2014-4877

HistoryOct 29, 2014 - 10:55 a.m.

Path traversal

2014-10-2910:55:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.078 Low

EPSS

Percentile

94.0%

JSON

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.

CPENameOperatorVersion
wgeteq1.13.2
wgeteq1.13.1
wgeteq1.14
wgeteq1.13.4
wgetle1.15
wgeteq1.12
wgeteq1.13.3
wgeteq1.13

Name	Operator	Version
wget	eq	1.13.2
wget	eq	1.13.1
wget	eq	1.14
wget	eq	1.13.4
wget	le	1.15
wget	eq	1.12
wget	eq	1.13.3
wget	eq	1.13

References

advisories.mageia.org/MGASA-2014-0431.html

git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7

git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0

lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html

lists.opensuse.org/opensuse-updates/2014-11/msg00026.html

rhn.redhat.com/errata/RHSA-2014-1764.html

rhn.redhat.com/errata/RHSA-2014-1955.html

security.gentoo.org/glsa/glsa-201411-05.xml

www.debian.org/security/2014/dsa-3062

www.kb.cert.org/vuls/id/685996

www.mandriva.com/security/advisories?name=MDVSA-2015:121

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.securityfocus.com/bid/70751

www.ubuntu.com/usn/USN-2393-1

bugzilla.redhat.com/show_bug.cgi?id=1139181

community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

github.com/rapid7/metasploit-framework/pull/4088

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

kc.mcafee.com/corporate/index?page=content&id=SB10106

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.078 Low

EPSS

Percentile

94.0%

JSON

Related for PRION:CVE-2014-4877