Absolute Path Traversal Vulnerability in GNU Wget from GNU
CVE-2014-4877

Currently unrated

Key Information:

Vendor

Gnu
Status
Wget
Vendor
CVE Published:
29 October 2014

What is CVE-2014-4877?

The vulnerability in GNU Wget, prior to version 1.16, occurs when recursion is enabled, allowing remote FTP servers to exploit an absolute path traversal flaw. By sending a crafted LIST response that references the same filename within multiple entries, one of which is a symlink, attackers can manipulate files on the local system and potentially execute arbitrary code. This risk underscores the importance of updating to secure versions and configuring Wget properly.

References

http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b444...
x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201411-05.xml
vendor-advisoryx_refsource_GENTOO
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.