CVE-2014-4877
Description
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
69.365
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| retrieves files from the web (USN-2393-1) wget_1.15-1ubuntu1.14.04.1_i386.deb | Linux |
| retrieves files from the web (USN-2393-1) wget_1.15-1ubuntu1.14.04.1_amd64.deb | Linux |
| wget security update(DSA-3062-1) wget_1.13.4-3+deb7u2_i386.deb | Linux |
| (RHSA-2014:1955) Moderate: wget security update wget-1.12-1.12.el6_5.i686.rpm | Linux |
| (RHSA-2014:1955) Moderate: wget security update wget-1.12-1.12.el6_5.x86_64.rpm | Linux |
| Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2014-4877) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234