What is CVE-2014-4877?

CVE-2014-4877 is a vulnerability in Gnu Wget, classified under Path Traversal. Published 2014-10-29.

Is CVE-2014-4877 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Gnu Wget

CVE-2014-4877

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.743 (98.9th percentile) — read the EPSS interpretation.

Affected products

Gnu Wget — versions 1.12, 1.13, 1.13.1
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

cret@cert.org (x_refsource_CONFIRM, Patch)
GLSA-201411-05 (vendor-advisory, x_refsource_GENTOO)
cret@cert.org (x_refsource_CONFIRM)
[bug-wget] 20141027 GNU wget 1.16 released (mailing-list, x_refsource_MLIST, Patch)
USN-2393-1 (x_refsource_UBUNTU, vendor-advisory)
MDVSA-2015:121 (vendor-advisory, x_refsource_MANDRIVA)
RHSA-2014:1955 (x_refsource_REDHAT, vendor-advisory)
DSA-3062 (vendor-advisory, x_refsource_DEBIAN)
cret@cert.org (x_refsource_CONFIRM)
VU#685996 (x_refsource_CERT-VN, US Government Resource, Patch, third-party-advisory)

Frequently asked questions

What is CVE-2014-4877?: CVE-2014-4877 is a vulnerability in Gnu Wget, classified under Path Traversal. Published 2014-10-29.
Is CVE-2014-4877 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.