{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"}, {"name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"}, {"name": "RHSA-2014:0151", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"}, {"name": "[bug-wget] 20100520 security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"}, {"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"name": "65722", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65722"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127416905831994&w=2"}, {"name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"}, {"name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"name": "[oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127441275821210&w=2"}, {"name": "[oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127412569216380&w=2"}, {"name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"name": "[oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127427572721591&w=2"}, {"name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"}, {"name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127422615924593&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2252", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=602797", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"}, {"name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"}, {"name": "RHSA-2014:0151", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"}, {"name": "[bug-wget] 20100520 security risk of unexpected download filenames", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"}, {"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"name": "65722", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65722"}, {"name": "http://www.ocert.org/advisories/ocert-2010-001.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127416905831994&w=2"}, {"name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"}, {"name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=591580", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"name": "[oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127441275821210&w=2"}, {"name": "[oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127412569216380&w=2"}, {"name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"name": "[oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127427572721591&w=2"}, {"name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"}, {"name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127422615924593&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:25:07.646Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"}, {"name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"}, {"name": "RHSA-2014:0151", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"}, {"name": "[bug-wget] 20100520 security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"}, {"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"name": "65722", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65722"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127416905831994&w=2"}, {"name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"}, {"name": "[bug-wget] 20100520 Re: security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"name": "[oss-security] 20100521 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127441275821210&w=2"}, {"name": "[oss-security] 20100517 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127412569216380&w=2"}, {"name": "[oss-security] 20100520 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"name": "[oss-security] 20100519 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127427572721591&w=2"}, {"name": "[bug-wget] 20100521 Re: security risk of unexpected download filenames", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"}, {"name": "[oss-security] 20100518 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127422615924593&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2252", "datePublished": "2010-07-06T14:00:00", "dateReserved": "2010-06-09T00:00:00", "dateUpdated": "2024-08-07T02:25:07.646Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*", "matchCriteriaId": "44513D0B-6636-4977-A3B9-F65CFA70B929", "versionEndIncluding": "1.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "50DD71F2-0B3C-4082-950A-CBFA5C601AEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "26B3B1B6-3985-4479-93B2-14E1AB52F768", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "0BC975AA-0F98-4A3A-B3B4-2152156327D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7DEDFB88-C435-4FB9-838D-8199690A8F70", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "D5BF2616-A99A-4229-A8A6-655155ED5EB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A14454E-DDAE-4115-8323-8BB4E17DF208", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "94E758F9-798B-4C25-A94A-8BF4E3E90B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F88CD81A-7804-4316-8581-41689A318D56", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BE0FCE2-ABB9-4943-96AE-C81277014396", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "FDE8FE2E-40EF-4B86-A01E-7777FBDABB59", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E097843-1854-4C5E-BB27-07280EB3EEB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "1047974D-7A5D-4533-996B-2B09EC7E8789", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "C40562DA-2B50-4B30-B0D8-B62913FCC680", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5B63798-366A-4778-987D-19307228E13B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "90DEBAA0-B537-4EEC-8EA2-E503F26A0496", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "DEC161C5-5247-4A3C-AB56-6562B0A65D21", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:wget:1.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "4F710A7B-ACF3-4955-97E9-07187069CDBF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."}, {"lang": "es", "value": "GNU Wget v1.12 y anteriores usan un nombre de fichero proporcionado por el servidor en lugar de la URL original para determinar el nombre de fichero destino de una descarga, lo que permite a servidores remotos crear o sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de redirecciones 3xx en una URL con nombre de fichero .wgetrc seguido por la redirecci\u00f3n 3xx en una URL con un nombre de fichero manipulado, y probablemente ejecutar c\u00f3digo de su elecci\u00f3n como consecuencia de escribir un fichero punto en un directorio home."}], "id": "CVE-2010-2252", "lastModified": "2024-11-21T01:16:14.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-07-06T17:17:13.313", "references": [{"source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"}, {"source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"}, {"source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"}, {"source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"}, {"source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127412569216380&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127416905831994&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127422615924593&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127427572721591&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127441275821210&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"}, {"source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65722"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00032.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/bug-wget/2010-05/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127412569216380&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127416905831994&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127422615924593&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127427572721591&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127432968701342&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127441275821210&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0151.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:0151", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "wget-0:1.12-1.11.el6_5", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-02-10T00:00:00Z"}], "bugzilla": {"description": "wget: multiple HTTP client download filename vulnerability [OCERT 2010-001]", "id": "602797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602797"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "status": "verified"}, "details": ["GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."], "name": "CVE-2010-2252", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:3", "fix_state": "Will not fix", "package_name": "wget", "product_name": "Red Hat Enterprise Linux 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "wget", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "wget", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2010-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2252\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2252\nhttp://www.ocert.org/advisories/ocert-2010-001.html"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact due to the series of events required to successfully exploit it, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}