CVE-2014-4877

CVE Details

Release Date:2014-10-27

Description


Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.

See more information about CVE-2014-4877 from MITRE CVE dictionary and NIST NVD


CVSS v2.0 metrics


NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 4.3 Base Metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector: Network Attack Complexity: Medium
Authentication: None required Confidentiality Impact: None
Integrity Impact: Partial Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (wget)ELSA-2014-17642014-10-30
Oracle Linux version 7 (wget)ELSA-2014-17642014-10-30
Oracle VM version 3.3 (wget)OVMSA-2014-00362014-11-03
Oracle VM version 3.4 (wget)OVMSA-2014-00362014-11-03



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete