Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2010-2252

Опубликовано: 06 июл. 2010
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8

Описание

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

РелизСтатусПримечание
dapper

released

1.10.2-1ubuntu1.2
devel

released

1.12-1.1ubuntu3
hardy

released

1.10.2-3ubuntu1.2
jaunty

released

1.11.4-2ubuntu1.2
karmic

released

1.11.4-2ubuntu2.1
lucid

released

1.12-1.1ubuntu2.1
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 88%
0.0411
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2010-2252

redhat
больше 15 лет назад

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

nvd логотип

CVE-2010-2252

nvd
около 15 лет назад

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

debian логотип

CVE-2010-2252

debian
около 15 лет назад

GNU Wget 1.12 and earlier uses a server-provided filename instead of t ...

github логотип

GHSA-hqjw-x4mf-w7v2

github
больше 3 лет назад

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

oracle-oval логотип

ELSA-2014-0151

oracle-oval
больше 11 лет назад

ELSA-2014-0151: wget security and bug fix update (LOW)

EPSS

Процентиль: 88%
0.0411
Низкий

6.8 Medium

CVSS2