Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

wget < 1.18 Arbitrary Code Execution

Medium

Synopsis

The wget client version is vulnerable to arbitrary code execution.

Description

GNU Wget contains a flaw that is triggered when handling server redirects to FTP resources, as the destination filename is obtained from the redirected URL and not original URL. With a specially crafted response, a context-dependent attacker may cause another filename to be used than intended, effectively allowing the attacker to execute arbitrary code.

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.