Vulnerability Details : CVE-2014-4877
Public exploit exists!
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Vulnerability category: Directory traversal; Execute code
Products affected by CVE-2014-4877
- cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.14:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4877
7.82% (probability of exploitation activity in the next 30 days)
EPSS Score History
~94% (percentile: the proportion of vulnerabilities that are scored at or below this value)
Metasploit modules for CVE-2014-4877
- GNU Wget FTP Symlink Arbitrary Filesystem Access
  Disclosure Date: 2014-10-27
  First seen: 2020-04-26
  Module: auxiliary/server/wget_symlink_file_write
  This module exploits a vulnerability in Wget when used in recursive (-r) mode with an FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARG
CVSS scores for CVE-2014-4877
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2014-4877
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4877
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
-
http://rhn.redhat.com/errata/RHSA-2014-1764.html
RHSA-2014:1764 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2393-1
USN-2393-1: Wget vulnerability | Ubuntu security notices
-
http://www.kb.cert.org/vuls/id/685996
VU#685996 - GNU Wget creates arbitrary symbolic links during recursive FTP download (Patch; US Government Resource)
-
http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html
[Bug-wget] GNU wget 1.16 released (Patch)
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10106
McAfee Security Bulletin - Data Loss Prevention hotfix resolves two security issues
-
https://github.com/rapid7/metasploit-framework/pull/4088
Add module for CVE-2014-4877 (Wget) by hdm · Pull Request #4088 · rapid7/metasploit-framework · GitHub (Exploit)
-
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
[security-announce] SUSE-SU-2014:1408-1: important: Security update for
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities
-
http://rhn.redhat.com/errata/RHSA-2014-1955.html
RHSA-2014:1955 - Security Advisory - Red Hat Customer Portal
-
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
R7-2014-15: GNU Wget FTP Symlink Arbitrary Filesystem Access (Exploit)
-
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
[security-announce] SUSE-SU-2014:1366-1: important: Security update for
-
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Oracle Bulletin Board Update - January 2015
-
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
wget.git - GNU Wget
-
http://advisories.mageia.org/MGASA-2014-0431.html
Mageia Advisory: MGASA-2014-0431 - Updated wget packages fix CVE-2014-4877
-
http://www.securityfocus.com/bid/70751
GNU Wget CVE-2014-4877 Symlink Vulnerability
-
http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html
openSUSE-SU-2014:1380-1: moderate: update for wget
-
http://security.gentoo.org/glsa/glsa-201411-05.xml
GNU Wget: Arbitrary code execution (GLSA 201411-05) — Gentoo security
-
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0
wget.git - GNU Wget (Patch)
-
http://www.debian.org/security/2014/dsa-3062
Debian -- Security Information -- DSA-3062-1 wget
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:121
mandriva.com
-
https://bugzilla.redhat.com/show_bug.cgi?id=1139181
1139181 – (CVE-2014-4877) CVE-2014-4877 wget: FTP symlink arbitrary filesystem access (Patch)