Back to search
CVE-2010-2252
Published: Jul 6, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=602797
x_refsource_CONFIRM
[bug-wget] 20100520 Re: security risk of unexpected download filenames
mailing-list
x_refsource_MLIST
RHSA-2014:0151
vendor-advisory
x_refsource_REDHAT
[bug-wget] 20100520 security risk of unexpected download filenames
mailing-list
x_refsource_MLIST
[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability
mailing-list
x_refsource_MLIST
65722
vdb-entry
x_refsource_BID
http://www.ocert.org/advisories/ocert-2010-001.html
x_refsource_MISC
[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability
mailing-list
x_refsource_MLIST
[bug-wget] 20100521 Re: security risk of unexpected download filenames
mailing-list
x_refsource_MLIST
[bug-wget] 20100520 Re: security risk of unexpected download filenames
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=591580
x_refsource_CONFIRM
[oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability
mailing-list
x_refsource_MLIST
[oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability
mailing-list
x_refsource_MLIST
[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability
mailing-list
x_refsource_MLIST
[oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability
mailing-list
x_refsource_MLIST
[bug-wget] 20100521 Re: security risk of unexpected download filenames
mailing-list
x_refsource_MLIST
[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now