Vulnerability Details : CVE-2004-1488
wget 1.8.x and 1.9.x do not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2004-1488
Probability of exploitation activity in the next 30 days: 1.94%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 %
CVSS scores for CVE-2004-1488
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
References for CVE-2004-1488
- http://securitytracker.com/id?1012472
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755 (Exploit; Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750
- https://usn.ubuntu.com/145-1/
- http://marc.info/?l=bugtraq&m=110269474112384&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18421
- http://www.securityfocus.com/bid/11871 (Exploit; Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-771.html
- http://www.novell.com/linux/security/advisories/2006_16_sr.html
Products affected by CVE-2004-1488
- cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*