|
|||
Rule General Information |
---|
Release Date: | 2014-12-08 | |
Rule Name: | PROTOCOL-FTP GNU Wget FTP Remote File Creation Vulnerability -2 (CVE-2014-4877) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. | |
Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
Affected OS: | Windows | |
Reference: | SecurityFocusBID:70751 |
|
Solutions |
---|
More advisories have been published on the website, please visit for more suggestions: http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html |