Terminal Manipulation Vulnerability in wget by GNU
CVE-2004-1488

Currently unrated

Key Information:

Vendor

Gnu
Status
Wget
Vendor
CVE Published:
27 April 2005

What is CVE-2004-1488?

The vulnerability in wget versions 1.8.x and 1.9.x arises from the failure to properly filter or quote control characters when outputting HTTP responses to the terminal. This oversight can be exploited by remote malicious web servers, enabling them to inject terminal escape sequences. Consequently, such exploitation could lead to arbitrary code execution on the client system. Users should be vigilant and upgrade to newer versions of wget to mitigate potential risks associated with this vulnerability.

References

http://www.redhat.com/support/errata/RHSA-2005-771.html
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/11871
vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=110269474112384&w=2
mailing-listx_refsource_BUGTRAQ

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.