Wget < 1.5.4 Symlink Permission Modification

Medium Log Correlation Engine Plugin ID 800985




The remote host is using a version of wget that contains a bug that may make it chmod downloaded symlinks when the option -N is used. An attacker may use this flaw by setting up a rogue FTP server with a symlink pointing to sensitive files.


Upgrade to Wget 1.5.4 or higher.

Plugin Details

Severity: Medium

ID: 800985

File Name: 800985.prm

Family: Web Clients

Risk Information

Risk Factor: Medium

Temporal Vector: CVSS2#E:U/RL:U/RC:ND

Reference Information

BID: 1299