ID CVE-2016-4971
Summary GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:wget:-:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.11.4-1:*:*:*:gnuwin32:*:*:*
  • cpe:2.3:a:gnu:wget:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:wget:1.17.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.6:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.7:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.8:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.9:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.10:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.11:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.12:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.13:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.14:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.15:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:6.1.16:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.5:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.5-h2:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.12:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.13:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.0.14:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.4-h2:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.6:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.7:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.8:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.9:*:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.9:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:7.1.9:h4:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 05-05-2021 - 14:43)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  MEDIUM      NONE
Impact
Confidentiality  Integrity  Availability
NONE             PARTIAL    NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
advisories
bugzilla
id 1343666
title CVE-2016-4971 wget: Lack of filename checking allows arbitrary file upload via FTP redirect
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • comment wget is earlier than 0:1.14-13.el7
      oval oval:com.redhat.rhsa:tst:20162587001
    • comment wget is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20140151002
rhsa
id RHSA-2016:2587
released 2016-11-03
severity Moderate
title RHSA-2016:2587: wget security and bug fix update (Moderate)
rpms
  • wget-0:1.14-13.el7
  • wget-debuginfo-0:1.14-13.el7
refmap via4
bid 91530
confirm
exploit-db 40064
gentoo GLSA-201610-11
mlist [info-gnu] 20160609 GNU wget 1.18 released
sectrack 1036133
suse openSUSE-SU-2016:2027
ubuntu USN-3012-1
Last major update 05-05-2021 - 14:43
Published 30-06-2016 - 17:59
Last modified 05-05-2021 - 14:43