Search for vulnerabilities
Vulnerability details: VCID-kfgk-nmgz-aaam
Vulnerability ID VCID-kfgk-nmgz-aaam
Aliases CVE-2014-4877
Summary Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Status Published
Exploitability 2.0
Weighted Severity 8.4
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-59 Improper Link Resolution Before File Access ('Link Following')
System Score Found at
generic_textual Medium http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4877.html
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1764
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1955
epss 0.06868 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.07222 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.49117 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.55509 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.56404 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.56404 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.56404 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.56404 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.57321 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.57321 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.57321 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.57321 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.57321 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.57321 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.57321 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
epss 0.57321 https://api.first.org/data/v1/epss?cve=CVE-2014-4877
generic_textual Medium https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877
cvssv2 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
cvssv3.1 8.1 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2014-4877
generic_textual Medium https://ubuntu.com/security/notices/USN-2393-1
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Reference id Reference type URL
http://advisories.mageia.org/MGASA-2014-0431.html
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0
http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4877.html
http://rhn.redhat.com/errata/RHSA-2014-1764.html
http://rhn.redhat.com/errata/RHSA-2014-1955.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4877.json
https://api.first.org/data/v1/epss?cve=CVE-2014-4877
https://bugzilla.redhat.com/show_bug.cgi?id=1139181
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877
http://security.gentoo.org/glsa/glsa-201411-05.xml
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rapid7/metasploit-framework/pull/4088
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
https://ubuntu.com/security/notices/USN-2393-1
http://www.debian.org/security/2014/dsa-3062
http://www.kb.cert.org/vuls/id/685996
http://www.mandriva.com/security/advisories?name=MDVSA-2015:121
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/70751
http://www.ubuntu.com/usn/USN-2393-1
766981 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766981
cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:wget:1.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:1.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:wget:1.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:1.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:wget:1.13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:1.13.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:wget:1.13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:1.13.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:wget:1.13.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:wget:1.13.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:1.13.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:wget:1.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:wget:1.14:*:*:*:*:*:*:*
CVE-2014-4877 https://nvd.nist.gov/vuln/detail/CVE-2014-4877
GLSA-201411-05 https://security.gentoo.org/glsa/201411-05
RHSA-2014:1764 https://access.redhat.com/errata/RHSA-2014:1764
RHSA-2014:1955 https://access.redhat.com/errata/RHSA-2014:1955
USN-2393-1 https://usn.ubuntu.com/2393-1/
Data source Metasploit
Description This module exploits a vulnerability in Wget when used in recursive (-r) mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGET_DATA option. Tested successfully with wget 1.14. Versions prior to 1.16 are presumed vulnerable.
Note 
{}
Ransomware campaign use Unknown
Source publication date Oct. 27, 2014
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/server/wget_symlink_file_write.rb
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2014-4877
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.94179
EPSS Score 0.06868
Published At Dec. 15, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.