|
|
|||
| Rule General Information |
|---|
| Release Date: | 2014-12-08 | |
| Rule Name: | PROTOCOL-FTP GNU Wget FTP Remote File Creation Vulnerability -2 (CVE-2014-4877) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. | |
| Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
| Affected OS: | Windows | |
| Reference: | SecurityFocusBID:70751 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html |