CVE-2004-1488

Sažetak

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755
http://marc.info/?l=bugtraq&m=110269474112384&w=2
http://secunia.com/advisories/20960
http://securitytracker.com/id?1012472
http://www.novell.com/linux/security/advisories/2006_16_sr.html
http://www.redhat.com/support/errata/RHSA-2005-771.html
http://www.securityfocus.com/bid/11871
https://exchange.xforce.ibmcloud.com/vulnerabilities/18421
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750
https://usn.ubuntu.com/145-1/

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

03-10-2018 - 21:29

Objavljeno

27-04-2005 - 04:00