vulnerability
Oracle Linux: CVE-2016-4971: ELSA-2016-2587: wget security and bug fix update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:N/C:C/I:C/A:C) | 2016-06-09 | 2016-11-09 | 2024-11-29 |
Severity
6
CVSS
(AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published
2016-06-09
Added
2016-11-09
Modified
2024-11-29
Description
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client.
It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client.
Solution
oracle-linux-upgrade-wget
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.