CVE-2004-1487

{"id": "CVE-2004-1487", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-04-27T04:00:00.000", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1012472", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-771.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11871", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/145-1/", "source": "cve@mitre.org"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1012472", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-771.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/11871", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/145-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences."}, {"lang": "es", "value": "wget 1.8.x y 1.9.x permite a un servidor web remoto malicioso sobreescribir ciertos ficheros mediante una redirecci\u00f3n URL conteniendo un \"..\" que se resuelve como la direcci\u00f3n IP de un usuario malicioso, lo que se salta el filtrado de wget de secuencias \"..\"."}], "lastModified": "2024-11-20T23:51:00.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5BF2616-A99A-4229-A8A6-655155ED5EB1"}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A14454E-DDAE-4115-8323-8BB4E17DF208"}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94E758F9-798B-4C25-A94A-8BF4E3E90B3E"}, {"criteria": "cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F88CD81A-7804-4316-8581-41689A318D56"}, {"criteria": "cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BE0FCE2-ABB9-4943-96AE-C81277014396"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}