{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2005:771", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"name": "11871", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11871"}, {"name": "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"name": "USN-145-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/145-1/"}, {"name": "wget-file-overwrite(18420)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420"}, {"name": "oval:org.mitre.oval:def:11682", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"name": "1012472", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1012472"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1487", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2005:771", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"name": "11871", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11871"}, {"name": "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"name": "USN-145-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/145-1/"}, {"name": "wget-file-overwrite(18420)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420"}, {"name": "oval:org.mitre.oval:def:11682", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"name": "1012472", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1012472"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:53:24.036Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2005:771", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"name": "11871", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/11871"}, {"name": "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"name": "USN-145-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/145-1/"}, {"name": "wget-file-overwrite(18420)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420"}, {"name": "oval:org.mitre.oval:def:11682", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"name": "1012472", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1012472"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1487", "datePublished": "2005-02-15T05:00:00", "dateReserved": "2005-02-15T00:00:00", "dateUpdated": "2024-08-08T00:53:24.036Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D5BF2616-A99A-4229-A8A6-655155ED5EB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A14454E-DDAE-4115-8323-8BB4E17DF208", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "94E758F9-798B-4C25-A94A-8BF4E3E90B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F88CD81A-7804-4316-8581-41689A318D56", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BE0FCE2-ABB9-4943-96AE-C81277014396", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences."}, {"lang": "es", "value": "wget 1.8.x y 1.9.x permite a un servidor web remoto malicioso sobreescribir ciertos ficheros mediante una redirecci\u00f3n URL conteniendo un \"..\" que se resuelve como la direcci\u00f3n IP de un usuario malicioso, lo que se salta el filtrado de wget de secuencias \"..\"."}], "id": "CVE-2004-1487", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-04-27T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1012472"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11871"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/145-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1012472"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11871"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/145-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2005:771", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "wget-0:1.10.1-1.30E.1", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2005-09-27T00:00:00Z"}, {"advisory": "RHSA-2005:771", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "wget-0:1.10.1-2.4E.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2005-09-27T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1617413", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617413"}, "csaw": false, "details": ["wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences."], "name": "CVE-2004-1487", "public_date": "2004-12-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2004-1487\nhttps://nvd.nist.gov/vuln/detail/CVE-2004-1487"], "threat_severity": "Low"}