mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-29 16:20:47 +02:00
1.1 KiB
1.1 KiB
CVE-2014-4877
Description
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.ubuntu.com/usn/USN-2393-1
- https://github.com/rapid7/metasploit-framework/pull/4088
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://kc.mcafee.com/corporate/index?page=content&id=SB10106