Vulnerability Details : CVE-2010-2252
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Vulnerability category: Input validationExecute code
Exploit prediction scoring system (EPSS) score for CVE-2010-2252
Probability of exploitation activity in the next 30 days: 0.50%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2252
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2010-2252
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2252
-
http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html
Re: [Bug-wget] security risk of unexpected download filenames
-
http://marc.info/?l=oss-security&m=127422615924593&w=2
'Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability' - MARC
-
http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html
[Bug-wget] security risk of unexpected download filenames
-
http://marc.info/?l=oss-security&m=127416905831994&w=2
'Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability' - MARC
-
http://marc.info/?l=oss-security&m=127427572721591&w=2
'Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability' - MARC
-
https://bugzilla.redhat.com/show_bug.cgi?id=591580
591580 – (CVE-2010-2251) CVE-2010-2251 lftp: multiple HTTP client download filename vulnerability [OCERT 2010-001]
-
http://marc.info/?l=oss-security&m=127432968701342&w=2
'Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability' - MARC
-
http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html
Re: [Bug-wget] security risk of unexpected download filenames
-
http://marc.info/?l=oss-security&m=127441275821210&w=2
'Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability' - MARC
-
http://marc.info/?l=oss-security&m=127611288927500&w=2
'Re: [oss-security] [oCERT-2010-001] multiple http client unexpected' - MARC
-
http://rhn.redhat.com/errata/RHSA-2014-0151.html
RHSA-2014:0151 - Security Advisory - Red Hat Customer Portal
-
http://marc.info/?l=oss-security&m=127411372529485&w=2
'[oss-security] [oCERT-2010-001] multiple http client unexpected download filename' - MARC
-
https://bugzilla.redhat.com/show_bug.cgi?id=602797
602797 – (CVE-2010-2252) CVE-2010-2252 wget: multiple HTTP client download filename vulnerability [OCERT 2010-001]
-
http://marc.info/?l=oss-security&m=127412569216380&w=2
'Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability' - MARC
-
http://www.securityfocus.com/bid/65722
GNU Wget CVE-2010-2252 Arbitrary File Overwrite Vulnerability
-
http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html
Re: [Bug-wget] security risk of unexpected download filenames
-
http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html
Re: [Bug-wget] security risk of unexpected download filenames
-
http://www.ocert.org/advisories/ocert-2010-001.html
oCERT archive
Products affected by CVE-2010-2252
- cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.11.4:*:*:*:*:*:*:*