Vulnerability details: VCID-298s-hepy-aaaj
Vulnerability ID VCID-298s-hepy-aaaj
Aliases CVE-2016-4971
Summary GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
System Score Found at
generic_textual Medium http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4971.html
rhas Moderate https://access.redhat.com/errata/RHSA-2016:2587
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4971.json
epss 0.72984 https://api.first.org/data/v1/epss?cve=CVE-2016-4971
epss 0.73293 https://api.first.org/data/v1/epss?cve=CVE-2016-4971
epss 0.92641 https://api.first.org/data/v1/epss?cve=CVE-2016-4971
epss 0.95507 https://api.first.org/data/v1/epss?cve=CVE-2016-4971
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2016-4971
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2016-4971
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2016-4971
generic_textual Medium https://ubuntu.com/security/notices/USN-3012-1
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Reference id Reference type URL
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1
http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html
http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4971.html
http://rhn.redhat.com/errata/RHSA-2016-2587.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4971.json
https://api.first.org/data/v1/epss?cve=CVE-2016-4971
https://bugzilla.redhat.com/show_bug.cgi?id=1343666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201610-11
https://security.paloaltonetworks.com/CVE-2016-4971
https://ubuntu.com/security/notices/USN-3012-1
https://www.exploit-db.com/exploits/40064/
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/91530
http://www.securitytracker.com/id/1036133
http://www.ubuntu.com/usn/USN-3012-1
827003 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827003
cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
CVE-2016-4971 Exploit http://legalhackers.com/advisories/Wget-Arbitrary-File-Upload-Vulnerability-Exploit.txt
CVE-2016-4971 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40064.txt
CVE-2016-4971 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/49815.py
CVE-2016-4971 https://nvd.nist.gov/vuln/detail/CVE-2016-4971
RHSA-2016:2587 https://access.redhat.com/errata/RHSA-2016:2587
USN-3012-1 https://usn.ubuntu.com/3012-1/
Data source Exploit-DB
Date added July 6, 2016
Description GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution
Ransomware campaign use Known
Source publication date July 6, 2016
Exploit type remote
Platform linux
Source update date July 6, 2016
Source URL http://legalhackers.com/advisories/Wget-Arbitrary-File-Upload-Vulnerability-Exploit.txt
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4971.json
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-4971
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-4971
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.98696
EPSS Score 0.72984
Published At June 20, 2025, 12:55 p.m.