Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2014-10-29T10:00:00
Updated: 2017-02-16T10:57:01
Reserved: 2014-07-10T00:00:00
Link: CVE-2014-4877
JSON object: View
NVD Information
Status : Modified
Published: 2014-10-29T10:55:05.417
Modified: 2017-02-17T02:59:00.467
Link: CVE-2014-4877
JSON object: View
Redhat Information
No data.
CWE