Vulnerability Details : CVE-2004-1488
Potential exploit
wget 1.8.x and 1.9.x do not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
Vulnerability category: Execute code
Products affected by CVE-2004-1488
- cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1488
- EPSS score: 1.38% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~86% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2004-1488
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2004-1488
- http://securitytracker.com/id?1012472
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755 : #261755 - wget: Server responses &c written to the tty verbatim (escape sequences, control characters, ...) - Debian Bug report logs (Exploit; Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750
- https://usn.ubuntu.com/145-1/
- http://marc.info/?l=bugtraq&m=110269474112384&w=2 : 'wget: Arbitrary file overwriting/appending/creating and other vulnerabilities' - MARC
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18421 : wget allows terminal parts to be overwritten CVE-2004-1488 Vulnerability Report
- http://www.securityfocus.com/bid/11871 (Exploit; Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-771.html
- http://www.novell.com/linux/security/advisories/2006_16_sr.html