Computer Security
[EN] securityvulns.ru no-pyccku


wget symbolic links vulnerability
Published:03.11.2014
Source:
SecurityVulns ID:14066
Type:client
Threat Level:
5/10
Description:Symbolic links vulnerability in FTP mirror mode.
Affected:WGET : wget 1.15
CVE:CVE-2014-4877 (Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.)
Original documentdocumentMANDRIVA, [ MDVSA-2014:212 ] wget (03.11.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod