{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2005:771", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"name": "11871", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11871"}, {"name": "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"name": "USN-145-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/145-1/"}, {"name": "SUSE-SR:2006:016", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"}, {"name": "wget-terminal-overwrite(18421)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18421"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"name": "oval:org.mitre.oval:def:9750", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750"}, {"name": "20960", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20960"}, {"name": "1012472", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1012472"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1488", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2005:771", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"name": "11871", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11871"}, {"name": "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"name": "USN-145-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/145-1/"}, {"name": "SUSE-SR:2006:016", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"}, {"name": "wget-terminal-overwrite(18421)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18421"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"name": "oval:org.mitre.oval:def:9750", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750"}, {"name": "20960", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20960"}, {"name": "1012472", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1012472"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:53:23.926Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2005:771", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"name": "11871", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/11871"}, {"name": "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"name": "USN-145-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/145-1/"}, {"name": "SUSE-SR:2006:016", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"}, {"name": "wget-terminal-overwrite(18421)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18421"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"name": "oval:org.mitre.oval:def:9750", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750"}, {"name": "20960", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20960"}, {"name": "1012472", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1012472"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1488", "datePublished": "2005-02-15T05:00:00", "dateReserved": "2005-02-15T00:00:00", "dateUpdated": "2024-08-08T00:53:23.926Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D5BF2616-A99A-4229-A8A6-655155ED5EB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A14454E-DDAE-4115-8323-8BB4E17DF208", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "94E758F9-798B-4C25-A94A-8BF4E3E90B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F88CD81A-7804-4316-8581-41689A318D56", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BE0FCE2-ABB9-4943-96AE-C81277014396", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code."}, {"lang": "es", "value": "wget 1.8.x y 1.9.x no filtra o pone comillas a caract\u00e9res de control cuando se muestran respuestas HTTP en el terminal, lo que puede permitir a servidores web maliciosos inyectar secuencias de escape y ejecutar c\u00f3digo de su elecci\u00f3n."}], "id": "CVE-2004-1488", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-04-27T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20960"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1012472"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11871"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18421"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/145-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20960"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1012472"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/11871"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18421"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/145-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2005:771", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "wget-0:1.10.1-1.30E.1", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2005-09-27T00:00:00Z"}, {"advisory": "RHSA-2005:771", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "wget-0:1.10.1-2.4E.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2005-09-27T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1617414", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617414"}, "csaw": false, "details": ["wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code."], "name": "CVE-2004-1488", "public_date": "2004-12-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2004-1488\nhttps://nvd.nist.gov/vuln/detail/CVE-2004-1488"], "threat_severity": "Low"}