Search for vulnerabilities
Vulnerability details: VCID-6hyy-mdcx-wbdc
Vulnerability ID VCID-6hyy-mdcx-wbdc
Aliases CVE-2014-4877
Summary
Status Published
Exploitability 2.0
Weighted Severity 3.8
Risk 7.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-59 Improper Link Resolution Before File Access ('Link Following')
System Score Found at
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.69365 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
cvssv2 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4877.json
https://api.first.org/data/v1/epss?cve=CVE-2014-4877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1139181 https://bugzilla.redhat.com/show_bug.cgi?id=1139181
766981 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766981
RHSA-2014:1764 https://access.redhat.com/errata/RHSA-2014:1764
RHSA-2014:1955 https://access.redhat.com/errata/RHSA-2014:1955
USN-2393-1 https://usn.ubuntu.com/2393-1/
Data source Metasploit
Description This module exploits a vulnerability in Wget when used in recursive (-r) mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGET_DATA option. Tested successfully with wget 1.14. Versions prior to 1.16 are presumed vulnerable.
Note 
{}
Ransomware campaign use Unknown
Source publication date Oct. 27, 2014
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/server/wget_symlink_file_write.rb
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.9857
EPSS Score 0.69365
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:40:01.932149+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/2393-1/ 37.0.0